Zimperium zLabs has just discovered two new vulnerabilities in Android that pose a serious risk to almost every Android device out there. The bugs are an extension of the Stagefright bugs discovered by the same labs in April, and it now seems that the problem is much broader than initially expected.
These bugs affect devices running Android 1.0 to Android 5.0 and up. Depending on how they are used, they can let attackers run programs of their own choosing, gain access to data on the device, monitor keystrokes, turn on webcams, or even turn the device into a tool that launches attacks on other devices.
The bugs can infect a device through a simple modified audio or video file, even if the user is only viewing or listening to the file online. Elaborating on this, zLabs stated in their official blog post: “The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue.”
On the bright side, Google has been notified of the vulnerabilities in its operating system, and in an interview with Motherboard it confirmed that it will issue a security patch for Nexus users on October 5. Non-Nexus users, however, still have no timeline for when the patch will reach their devices, as that depends on their device manufacturers. Google did confirm that it informed Android device makers of the bugs on September 10 and hopes that they release a security update as soon as possible.
All of this is scary enough as it is, but these Stagefright bugs might not be the last ones: zLabs researcher Joshua Drake tweeted that he has allegedly informed Google of almost 10 other flaws in September. For now, we can only advise all our readers to play it safe and only view videos or listen to audio from secure sources.