A new Android exploit has been discovered, and it’s said to affect devices running Android 2.2 and up.
Discovered by Zimperium zLabs, the bug involves an Android media playback tool called Stagefright. Details of how it works are light since the exploit isn’t yet patched, but it’s said that someone taking advantage of the issue need only send you a special file using MMS. The vulnerable code will run when you see a notification preview, view the MMS message, touch the video, or rotate your screen, so there’s a chance that the exploit could run several times in a short period.
Zimperium reported the issue to Google in early April and again in early May, and both times Google confirmed that patches were in the works. In a statement to Forbes, Google said that its manufacturer partners should deploy the fix in the coming weeks and months. A Google spokesperson added the following:
“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.”
HTC also touched on the bug, saying that it began rolling the fix into its updates in early July and that all projects going forward include it.
The folks at Zimperium say that Silent Circle’s Blackphone is already protected from this bug, and version 38 of the Firefox browser is also patched. The Nexus 6 is said to be protected from some, but not all, of these issues.
Because this bug is said to affect phones running Android 2.2 and up, there are a whole mess of devices that are vulnerable. The good news is that Google is already aware of the issue and has cooked up a fix for it. Here’s to hoping that hardware makers like Samsung, LG, and others get the fix out to their users soon and push it out to older phones as well as new ones.