Stagefright is a critical Android vulnerability. Some phone vendors have released partial patches to the vulnerabilities disclosed and this app can help you to understand if your device is vulnerable or not.
Zimperium zLabs created a Detector app to validate that you are running a version that is not vulnerable to the discovered Stagefright vulnerabilities.
While the patches have been applied, it may be years until they reach all devices. We provided these patches to carriers and vendors through Zimperium Handset Alliance (ZHA). Zimperium zLabs expert and VP of Platform Research and Exploitation, Joshua Drake discovered multiple critical vulnerabilities in Stagefright library and provided patches to Google to secure Android. “Users can also take steps to protect themselves by disabling the automatic download of MMS messages and deleting those from unknown senders, exercising caution when opening email attachments, connecting to well-known Wi-Fi networks and ensuring websites, services and application stores are authentic.Stagefright Detector App for Android Devices “Sony has received the patches from Google to correct the issue and are making them available through retail partners within ongoing software maintenance – updates will start rolling out over the next few weeks, with exact timings varying by region. Update: Sony has got in touch with a statement on how they are tackling the Stagefright exploit. If you want to find out whether your Sony Xperia device is vulnerable to this exploit, then Zimperium has created the Stagefright Detector App which will test your handset. However, “hundreds more” devices will also receive the update, so other Sony Xperia devices won’t be left in the cold. At Black Hat 2015, Google confirmed that a fix will arrive this month for the newer Xperia Z series such as the Xperia Z2, Z3, Z3+/Z4 and Z3 Tablet Compact. Google is working alongside all of the key Android manufacturers to deliver updates that patch this exploit. Many of you have got in touch with us asking when a fix is likely, however Sony has officially been quiet on the matter. Zimperium says that “ issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices”. Even worse, the MMS can delete itself before you open it. Potentially an attacker would only need your mobile number and then execute an attack even with no user-interaction. Hackers could potentially use the libStageFright media library (hence ‘Stagefright’) as a way into your device when processing an MMS. An exploit was discovered last week by researchers at Zimperium that is believed to leave the majority of Android devices vulnerable to attack.
0 kommentar(er)
