New problems for Android users, security experts at software research firm NorthBit have developed an exploit for a Stagefright vulnerability affecting Google’s operating system.
Millions of Android devices are open to hacking attacks due to the newly disclosed Android Stagefright Exploit that could allow attackers to hack a smartphone in 10 seconds.
The attacker just needs to trick users into visiting a specifically crafted web page that includes a malicious multimedia file.
The researchers at NorthBit have dubbed the Android Stagefright Exploit Metaphor, they published a detailed analysis of the attack in a paper entitled “Metaphor A (real) reallife Stagefright exploit.”
The researchers have published a proof-of-concept video that shows how they hacked an Android Nexus 5 device using their Metaphor exploit in just 10 seconds. They also demonstrated that the Android Stagefright Exploit Metaphor works against other mobile devices, including Samsung Galaxy S5, LG G3 and HTC One smartphones.
The Stagefright flaw affects a media library app that is used for by Android to process Stagefright media files. According to the experts at Zimperium the media library is affected by several vulnerabilities.
Joshua Drake from Zimperium discovered seven critical vulnerabilities in the native media playback engine called Stagefright, the expert defined the Stagefright flaw the “Mother of all Android Vulnerabilities.”
The attackers can exploit the vulnerability by sending a single multimedia text message to an unpatched Android device. Despite Google has already issued a patch and has sent out to it to the company’s partners, but most manufacturers haven’t already distributed the patch to their customers exposing them to cyber attack.
The researchers discovered two bugs that are triggered when processing specially crafted MP3 audio or MP4 video files.
(Security Affairs – Android Stagefright Exploit, Metaphor)
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
This website uses cookies.