gfxgfx
 
Please login or register.

Login with username, password and session length
logo
 
gfx gfx
gfx
2976 Posts in 217 Topics by 29 Members - Latest Member: Frosty[SA] March 28, 2024, 03:40:02 pm
*
Sorry, you must be logged in to use the shoutbox!
gfx* Home | Help | Search | Calendar | Login | Register | Site | gfx
gfx
Server Admins  |  General Category  |  Geek / Games Discussion  |  Android Vulnerability!!
gfx
gfxgfx
 

Author Topic: Android Vulnerability!!  (Read 2515 times)

0 Members and 1 Guest are viewing this topic.

Offline KT 💣 KλBoƠM

  • Security
  • Spam Fighter
  • *
  • Posts: 1285
  • Age: 50
  • Location: Canada
  • Karma: +1974/-0
  • Gender: Female
  • 💔 🤦🏽‍♀️ 💣 💥
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • Firefox 39.0 Firefox 39.0
Android Vulnerability!!
« on: August 01, 2015, 06:28:57 am »
Android Stagefright contains multiple vulnerabilities

Vulnerability Note VU#924951

Original Release date: 28 Jul 2015 | Last revised: 29 Jul 2015

http://www.kb.cert.org/vuls/id/924951

Quote
Overview

Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright contains multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device.

Description

According to a Zimperium zLabs blog post, Android's Stagefright engine contains seven different vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device. This vulnerability appears to affect all versions of Android from 2.2 (Froyo) and to at least Android 5.1.1_r5 (Lollipop). ZDNET reports that the feature that makes the vulnerability more severe "appears to be that to reduce video viewing lag time Stagefright automatically processes the video before you even think about watching it."

An attacker with a victim's cell phone number may send maliciously crafted multimedia messages (MMS) which may be improperly parsed by the Stagefright tool. Other attack vectors may be possible.

According to patches (see patch one, two, three), the vulnerabilities appear to be multiple integer overflows and underflows, and improper integer overflow checks. Since integer overflow is a type of memory error, Address Space Layout Randomization (ASLR) appears to partially mitigate this issue; Forbes reports that Android before 4.1 (Jelly Bean) have "inadequate exploit mitigations." ASLR was introduced in Android 4.0 and fully enabled in Android 4.1.

According to Ars Technica, "successful exploits at the very least provide direct access to a phone's audio and camera feeds and to the external storage ... many older phones grant elevated system privileges to Stagefright code, a design that could allow attackers access to many more device resources."

Full details are currently not available.

Impact

A remote attacker may be able to execute code on the Android device.

Read MORE on what to do about this here:

http://www.kb.cert.org/vuls/id/924951


Offline Sandman[SA]

  • Head Admin
  • Administrator
  • *
  • Posts: 1620
  • Age: 56
  • Location: Philadelphia PA
  • Karma: +14/-0
  • Gender: Male
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • MS Internet Explorer 11.0 MS Internet Explorer 11.0
    • The Server Admins
Re: Android Vulnerability!!
« Reply #2 on: August 01, 2015, 06:43:19 pm »
Old news actually.  It was somewhat similar to a vulnerability found in windows media player 6.x.  Strange that is still not been addressed.

Offline KT 💣 KλBoƠM

  • Security
  • Spam Fighter
  • *
  • Posts: 1285
  • Age: 50
  • Location: Canada
  • Karma: +1974/-0
  • Gender: Female
  • 💔 🤦🏽‍♀️ 💣 💥
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • Firefox 39.0 Firefox 39.0
Re: Android Vulnerability!!
« Reply #3 on: August 03, 2015, 10:34:35 am »
Old news actually.  It was somewhat similar to a vulnerability found in windows media player 6.x.  Strange that is still not been addressed.

Seems people still think cell phones are not like computers and are some how immune to any security vulnerabilities? Who knows.

Offline Sandman[SA]

  • Head Admin
  • Administrator
  • *
  • Posts: 1620
  • Age: 56
  • Location: Philadelphia PA
  • Karma: +14/-0
  • Gender: Male
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • MS Internet Explorer 11.0 MS Internet Explorer 11.0
    • The Server Admins
Re: Android Vulnerability!!
« Reply #4 on: August 03, 2015, 08:22:27 pm »
Well, think about that one for a second.  #1, android OS is derived from what OS?  Linux.  Linux for the most part is free, open source software.  And people usually think that since Linux is free, why would anyone want to hack it?  #2, a lot of people are not fully aware of how a computer can be infected by a virus.  And a smartphone is essentially a hand held computer that can also make and receive calls.  Basically, it all boils down to ignorance.

Server Admins  |  General Category  |  Geek / Games Discussion  |  Android Vulnerability!!
 

gfxgfx
gfx
SMF 2.0.6 | SMF © 2013, Simple Machines
Copyright © 2000-2024 Server Admins All Rights Reserved.
Page created in 0.212 seconds with 18 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!