New Delhi: First discovered last year, Stagefright vulnerability affecting Android phones is back with a new variant that also puts to risk devices made by LG, Samsung, and HTC.
Researchers have found a new variant of the bug - dubbed 'Metaphor' - could compromise a device in less than 20 seconds and currently puts to risk millions of Android smartphones.
A report on ZDNet notes that Israel-based NorthBit developed the proof-of-concept that is capable of launching attacks against Nexus 5, LG G3, HTC One and Samsung Galaxy S5 phones.
The exploit also bypasses address space layout randomization (ASLR) on Android Lollipop versions 5.0 and 5.1.
Touted as the bug the 'worst Android vulnerabilities discovered to date,' the problem is heightened as it is up to the Android vendors to push forth Google's patches.
All that a potential attacker needs to do is lure the victim to a crafted page containing a malicious MPEG-4 multimedia file. This leads to a crashing of the Android's media servers and resets it. Following this, malicious JavaScript hosted on the Web page forwards device data to the cyberattacker's server.
Google has said that devices running the October 1, 2015 security update level or greater are protected against the bug and so are newer devices running Android Marshmallow. While the latest Android Marshmallow also comes patched against the bug, older versions are still at risk.
Comments
0 comment