October 2, 2015

Stagefright cyber-threat back for second run

News: Vulnerabilities in Android refuse to bow out as Zimperium unearths another flaw.

By Alexander Sword

Two vulnerabilities, collectively dubbed Stagefright 2.0, have been discovered in Android that could allow hackers to take over phones using MP3 and MP4 files.

Joshua J. Drake of Zimperium zLabs found two vulnerabilities which could allow specially crafted audio or visual files to execute arbitrary code on the devices.

If a user visited a website and accessed an infected file, the attacker might be able to use this code to gain full access to the device.

The first, in ‘libutils’, impacts almost every Android device since the first version in 2008. The second, in ‘libstagefright’, was found to affect devices running version 5.0 and up.

Zimperium reported the vulnerability to Google and will share proof-of-concept code with members of the Zimperium Handset Alliance, but not the general public.

In a blog post, Zimperium wrote that it expected to see more vulnerabilities of this kind.

"As more and more researchers have explored various vulnerabilities that exist within the Stagefright library and associated libraries, we expect to see more vulnerabilities in the same area."


SOTI, the enterprise mobility management company, commented that IT professionals needed to implement steps to prevent the vulnerability from hitting enterprises.

"Employees often adopt a more cavalier attitude to downloading and clicking links in the workplace as they assume there is robust security in place, and managing these devices is a complex challenge.

"Beyond enforcing an encryption and authentication mandate, personal devices must be containerised to keep personal usage separate and corporate data secured. Also, applications can be managed to protect employees from untrusted applications."
