Earlier this week researchers with Zimperium Mobile Security announced that they had found a scary new vulnerability deep in the code that Android phones and tablets use to handle multimedia. The code and the vulnerability are called StageFright. The researchers discovered that by sending a text message containing a specially crafted audio or video file they could execute arbitrary code on the victim's phone. Zimperium estimates that in 50% of cases the user wouldn't even have to open the text message for the exploit to work. In the other 50%, the exploit runs as soon as the user opens the message containing the malicious content. According to Zimperium, this vulnerability affects any Android device running version 2.2 or above regardless of manufacturer, which accounts for nearly every android phone in existence (95% according to Zimperium). Unfortunately, Zimperium was very guarded about the details of the attack and, even more concerning, how to prevent it.…
↧