Categories: Breaking NewsHackingMobile

Zimperium firm released the Android Stagefright Exploit Code

Zimperium firm released the Android Stagefright Exploit Code, the Android flaw that is threatening the users of the popular Google mobile OS.

Experts at Zimperium Mobile Security Labs (zLabs) recently discovered a critical flaw, dubbed Stagefright affecting the Android OS.

The experts revealed that the Stagefright flaw (CVE-2015-1538) potentially affects 95% of Android devices running version 2.2 to 5.1 of the Google OS (roughly 950 million smartphones).  The Zimperium firm consider the Stagefright vulnerability as the worst Android flaw in the mobile OS history, the vulnerability affects a media library app that is used for by Android to process Stagefright media files. According to the experts at Zimperium the media library is affected by several vulnerabilities.

Now Zimperium experts have publicly released the Stagefright Exploit, demonstrating how to trigger the Remote Code Execution (RCE).
The researchers implemented the Stagefright Exploit in python by creating an MP4 exploiting the ‘stsc’ vulnerability, aka Stagefright vulnerability.

“We are pleased to finally make this code available to the general public so that security teams, administrators, and penetration testers alike may test whether or not systems remain vulnerable. What follows is a python script that generates an MP4 exploiting the ‘stsc’ vulnerability otherwise known as CVE-2015-1538 (#1).states Zimperium.

The experts released the Stagefright exploits to allow security experts to examine their systems against this vulnerability.

According to the US-CERT/CC advisory, the Android Stagefright contains multiple vulnerabilities including:

  • CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution
  • CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution
  • CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution
  • CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution
  • CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution
  • CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution
  • CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread
  • CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution
  • CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution
  • CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution

The experts released the slides for the Stagefright exploit presented at the last Black Hat and DEF CON conference. The full video of the presentation at the Black Hat is available on YouTube.

The experts released the Stagefright exploit (Stagefright_CVE-2015-1538-1_Exploit.py).

Pierluigi Paganini

(Security Affairs – Stagefright exploit, Android)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: AndroidGoogleHackingmobileStagefright
10 years ago

Recent Posts

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025,…

15 hours ago

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials…

21 hours ago

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI…

21 hours ago

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including…

1 day ago

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign…

2 days ago

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in…

2 days ago

This website uses cookies.