Latest in Bug

Image credit:

Stagefright bug now spreads through malicious audio files


Cripes, how many times is Google going to have to patch before the Stagefright exploit bug stays fixed? The company has already patched its code three times but on Thursday, security research firm Ziperium (the guys that initially discovered the flaw) announced that it had discovered yet another way hackers could bypass an Android handset's security. This time, the malicious code can be delivered by an audio message.

Hackers can encode a piece of malware into an MP3 or Mp4 file and then disseminate it (worryingly, this sort of digital delivery vehicle works really well over public Wi-Fi connections). Any Android user who clicks on the downloaded file will prompt the OS to automatically preview the song, infecting the device. And since virtually every build of Android OS currently available shares this same auto-preview feature, the exploit works nearly universally. Google is reportedly already working to patch the vulnerability in Android's core code, which should be ready by the October Monthly Security Update on the 5th.

From around the web

ear iconeye icontext filevr