A few months ago, a security vulnerability, called Stagefright, was found in Android’s Media Preview.
The flaw allowed an attacker to send a malicious MMS, which compromised the device.
Google pushed out security updates to its Nexus devices, and also released a security patch to fix the issue in Android. This was later rolled out by other OEMs around the world, who patched their own devices. But what was once believed to be dead, has resurfaced.
Stagefright is back. Zimperium labs , who originally discovered the flaw in July, once again reports that Android is still vulnerable. And this time the malware has been encoded into audio files in an mp3 or mp4 media format. The malware could affect a device, which is used to visit a website which contains the malicious file. Android’s audio preview will automatically activate it, this putting the device at risk.
What’s worse is that the malware can potentially be spread on public Wi-Fi networks.So far, no device has been reported to affected by this flaw yet. And the good news is that Google will issue a fix for this in October’s security update which will roll out to Nexus devices on October 5th, the same day when Android 6.0 Marshmallow will roll out. Other OEMs will also be getting the patch from Google soon.
via: The Verge