Google releases patches for ‘Stagefright 2.0 leaks’
Google has released patches for ‘Stagefright 2.0’, two vulnerabilities in Android that allow attackers to break into smartphones in a security update. The security updates should be released soon for many different devices.
Google has not yet seen any cases of attackers taking advantage of the vulnerabilities, the report shows. Security company Zimperium announced the existence of the two bugs in early October. Zimperium named the bug Stagefright 2.0 as one of the bugs is in the Stagefright video framework, just like the previous series.
Malicious persons can exploit the bugs by enticing an Android user to visit a website with malicious MP3 or MP4 files. After processing the files, malicious code can be executed. The code can also be injected by being on the same Wi-Fi network and injecting the code by intercepting unencrypted network traffic. Then the hacker does not have to tempt the victim to open certain files.
The patches are included in the monthly security update that Google releases for Android. The intention is that manufacturers quickly put the patches in their own security updates. Samsung, LG and HTC, among others, have promised to release such updates, although HTC called the aim of monthly updates this week ‘unrealistic’.