Page 1 of 1

Android stagefright security hole

Posted: Tue, 28 Jul 2015 11:48 am
by x9200
This is a very serious android vulnerability potentially affecting practically all the Android systems in use today. There is no patch as of now I believe so this is what can be done:
  • disable automatic acceptance/loading of MMS messages coming to your phone
  • do not open any of such messages sent from the sources you don't recognize or don't trust
http://www.androidcentral.com/stagefrig ... -need-know

Re: Android stagefright security hole

Posted: Fri, 31 Jul 2015 3:54 pm
by the lynx
I'm surprised this has not been covered in mainstream media like Heartbleed.

Way too many people don't know about this.

Re: Android stagefright security hole

Posted: Fri, 31 Jul 2015 5:02 pm
by x9200
I think there are still not that many exploits (not to mention idiot-proof exploits) available so the hole is there but nobody uses it on any significant scale.

Re: Android stagefright security hole

Posted: Wed, 12 Aug 2015 11:20 am
by x9200
Yet another serious vulnerability in Android affecting many devices:
https://securityintelligence.com/one-cl ... cq62pOli1E

Re: Android stagefright security hole

Posted: Wed, 12 Aug 2015 1:37 pm
by zzm9980
Yay Android. Expect this to be fixed pretty much never on 98% of the devices out there.

Re: Android stagefright security hole

Posted: Wed, 12 Aug 2015 2:06 pm
by Strong Eagle
zzm9980 wrote:Yay Android. Expect this to be fixed pretty much never on 98% of the devices out there.
And especially if you have rooted your device and the @$#@^%$ USA telephone company won't push down updates because of the root. Stinkin' AT&T isn't letting me go to 5.x.x unless I unroot.

Re: Android stagefright security hole

Posted: Wed, 12 Aug 2015 3:26 pm
by x9200
Rooting may be actually the only hope. Most of the providers just don't give *beeep* anyway.

Talking about vulnerabilities there is also a nice one and rather serious for the Macs. Apparently was known already for some time but publicized (more) only recently. It requires some bad luck but not too much and if you are infected you basically ^@!%^#$~%^#$~&#. It's firmware based and it may be necessary to physically replace the firmware chip to fix it. The spreading mechanism relies on peripheral devices that have so called option ROM. The content of option ROM can be replaced and at the next boot if the device is in the socket the code will be executed and can modify the machine's firmware.