Motorola Is Quick To Respond To Stagefright Vulnerability With A Set Of PatchesBy cheatmaster 08:29 Mon, 26 Jul 2021 Comments
If you are the Android-tinkering type then it is more than likely that you have heard of the recent Stagefcorrect vulnerability found in Google's OS. And if not, well it all boils down to a bug, related to some core Android messaging and multimedia capabilities that could potentially allow a hacker to high-jack your Android device by simply sending you a message.
The bug, discovered by Joshua Drake from the Zimperium security firm is pretty unsafe and could potentially affect any Android device starting from version 2.2 Froyo and up, which is almost any Android device currently out there. As you can imagine, this caused quite a stir in the community. Companies like Google and Samsung were quick to respond, promising a path, with the latter already applying the necessary fixes to AOSP, which was also vulnerable itself.
Motorola is also already working on a fix and has recently released a full list of devices that it will be rolling out the required patch to as soon as possible. If you own one of these be sure to check for an OTA in the coming days and definitely install it for some extra piece of mind. The eligible handsets are:
- Moto X (1st generation and 2nd generation)
- Moto X Pro
- Motorola Droid Turbo / Moto Maxx
- Moto G (1st generation, 2nd generation and 3rd generation)
- Moto G LTE (1st generation and 2nd generation)
- Moto E (1st generation and 2nd generation)
- Moto E LTE (2nd generation)
- Motorola Droid Ultra, Droid Mini, and Droid Maxx
As you might have noticed, the company’s recently announced trio of moto X devices - Moto X Style, Moto X Play and Moto X Pure Edition are not on the list. That is becautilize they will come with the fix bundled, as will all other future phones, since the changes have already been committed to AOSP.
And for those of you aching for some more info on the Stagefcorrect bug it is quite aptly named as it affects one of Android's core components, responsible for handling certain multimedia formats, such as MP4. The vulnerability itself exploits some integer overflow vulnerabilities and can be leveraged by delivering the necessary code to the victim as a multimedia message. In most cases the assumed message gets downloaded by the Operating System (OS) without need for confirmation from the user, after which the attacker can execute code remotely.
As it turns out most any recent Android or Android-based Operating System (OS) is vulnerable to the bug, but luckily there are still no reports of actual attacks using Stagefright. However, if you are feeling concerned you should check if you are affected using this free app and see into disabling automatic background downloading of MMS messages, where possible of course.
Source | Via
Please LOGIN or REGISTER To Gain Full Access To This Article