The recent months have been full of uncertainty and a huge uproar especially on social media about the Stagefright 2.0 bug that has been confirmed to be once again in the loom. This has got something to do with libstagefright in Android. The mobile security firm, Zimperium zLabs has raised the alarm over mp3 and mp4 files that are the attackers’ manipulation tool to execute the malicious code in your Android device. Being armed with essential information is important as it will go a long way to keep you prepared for anything.
First, what you need to know is that Stagefright 2.0 is a pair of vulnerabilities that present in form of mp3 or mp4 that are presented by the attackers on your tablet or android device. When you preview that file, your operating system will preview the metadata, which gets the opportunity to execute the malevolent code. This code is executed even without your knowledge as long as there is the existence of a website that is specifically for conveying these manipulated files or a middle attack man. Zimperium has confirmed the use of remote execution, which it brought to Google’s attention. Google, in response to this, have started working on the fix by assigning CVE-2015-6602 and CE-2015-3876 to the reported mp3 an mp4 issues.
Another thing to note is that your tablet or phone is affected by these vulnerabilities in one way or another. Zimperium reports that these vulnerabilities affect every android device and tablet dating back all the way to Android 1.0. CVE-2015-3876 affects all Android 5.0 devices as well as higher phones or tablets. It could be delivered theoretically via website or middle attack man. Zimperium however assures that there is no case found where these vulnerabilities have exploited anything that is beyond lab conditions.
However, Google has not taken this lying down. The update on October security addresses these 2 vulnerabilities. The patches, coming in AOSP form will be available to users of Nexus starting from 5th October. Sharp readers may have noted that the just launched Nexus 5X and Nexus 6P already came with the October 5th update already installed. More information will be available on Android Security Group of Google from 5th October. For the other devices that are non-Nexus, Google has already provided the October 5th update on 10th September to Partners. It has also been closely working with carriers and OEMs to ensure the update is delivered as soon as possible.
Before the patch arrives, here is what you need to do to keep safe. Just ensure that you are very keen on what you are browsing and your connections too. It is wise to avoid using public networks as much as possible. Ensure that you mostly rely on two-factor network authentication if possible and keep off from queer websites as much as possible.
As much as the situation is serious and should be taken as such due to the extent of damage that can be caused by these Stagefright vulnerabilities, there is no need to feel as if the world of Android devices is crashing. Zimperium has been working hand in hand with Google to ensure these Android issues have been rightly fixed.
LATEST FROM YOUTUBE: