Stagefright exploit putting android at risk with only a phone number.

[linuxfan66]

in a recent and disturbing development android phones can now be targetted using on a phone number using an mms with a dodgy media file by exploiting stagefright library.

A security researcher has discovered what could be one of the worst vulnerabilities in Google's Android mobile operating system to date, leaving close to a billion devices open to remote code execution.

Joshua Drake of security vendor Zimperium analysed gigabytes of source code for Android, and discovered that the Stagefright media library written in the C++ language - used for time-sensitive applications - is vulnerable to memory corruption.

This has has the potential to be a massive risk if it gets widely exploited and manufacturers dont catch on fast...

 

 

http://www.itnews.com.au/News/407121,android-bug-leaves-a-billion-phones-open-to-attack.aspx?eid=3&edate=20150728&utm_source=20150728_PM&utm_medium=newsletter&utm_campaign=daily_newsletter

[Syntaxvgm]

Apple bug: Apple updates the like 3 currently supported models

 

Android: Hah! 

 

 

The ONE thing iPhones are better at. 

 

Come at me 

[linuxfan66]

Apple bug: Apple updates the like 3 currently supported models

 

Android: Hah! 

 

 

The ONE thing iPhones are better at. 

 

Come at me 

im aware the iphone had picture render exploit, but that didnt work over mms unlike this.

[Syntaxvgm]

im aware the iphone had picture render exploit, but that didnt work over mms unlike this.

I think they recently had a plaint text exploit, turning off your phone if a message is loaded when your phone is locked or something. 

[linuxfan66]

I think they recently had a plaint text exploit, turning off your phone if a message is loaded when your phone is locked or something. 

oh yeah that was weird but at least it was never used to run a trojan...

[patrickjp93]

I don't think people realize this affects Linux too, if you happen to be using this media library. It's just another buffer overflow. They're very difficult to fully eliminate, and they're still the most common exploit in browsers and media libraries today.

[linuxfan66]

I don't think people realize this affects Linux too, if you happen to be using this media library. It's just another buffer overflow. They're very difficult to fully eliminate, and they're still the most common exploit in browsers and media libraries today.

Any apps you want to cite?

[patrickjp93]

Any apps you want to cite?

Any that use the same media library. I'm only saying the potential exists. I use Linux purely for workstation use, but for those who use it as a daily driver should be wary. Don't forget Android is heavily based on Linux, and Android's kernel is only a lightly modified Linux kernel.

[linuxfan66]

Any that use the same media library. I'm only saying the potential exists. I use Linux purely for workstation use, but for those who use it as a daily driver should be wary. Don't forget Android is heavily based on Linux, and Android's kernel is only a lightly modified Linux kernel.

No one targets Linux consumer apps except browsers. Only servers are targeted mainly

[_ASSASSIN_]

Any that use the same media library. I'm only saying the potential exists. I use Linux purely for workstation use, but for those who use it as a daily driver should be wary. Don't forget Android is heavily based on Linux, and Android's kernel is only a lightly modified Linux kernel.

no... the qualcomm CAF branch is VERY heavily modified for qualcomm's specifications for their chipsets.

And since qualcomm is what nearly 85-90% of android phones use, they all base their kernels off of CAF with their own modifications for the hardware and for more advanced features like heterogenous multi-processing like what the N6 has.

basically they aren't "lightly modified" although there has been much more ARM support in the later revisions of the linux kernel, but they aren't used.

[patrickjp93]

No one targets Linux consumer apps except browsers. Only servers are targeted mainly

That's no longer true. The Open Office initiative is gaining steam finally. Browsers, general use software, and a few other things are beginning to appear, including audio and video editing and playback software.

[patrickjp93]

no... the qualcomm CAF branch is VERY heavily modified for qualcomm's specifications for their chipsets.

And since qualcomm is what nearly 85-90% of android phones use, they all base their kernels off of CAF with their own modifications for the hardware and for more advanced features like heterogenous multi-processing like what the N6 has.

basically they aren't "lightly modified" although there has been much more ARM support in the later revisions of the linux kernel, but they aren't used.

Not as modified as it looks. In reality the things which look very different are the parts of least overall significance or complexity. You can still see Linus Torvalds' work plain as day between the branches.

[burnttoastnice]

Any that use the same media library. I'm only saying the potential exists. I use Linux purely for workstation use, but for those who use it as a daily driver should be wary. Don't forget Android is heavily based on Linux, and Android's kernel is only a lightly modified Linux kernel.

 

My log files are going to fill up with apt-get update until a new Linux kernel comes out I guess.