![]() “They’re not accounting for specific integer types, and was able to bypass the patch with specific values that cause a heap buffer allocated to overflow.” “They failed to account for an integer discrepancy between 32- and 64 bit,” Exodus founder Aaron Portnoy told Threatpost. Using the updated firmware on a Nexus 5 phone, Exodus’ Jordan Gruskovnjak developed an MP4 file that bypassed the patch. Other researchers, meanwhile, found additional security issues using Stagefright as a starting point, including researcher from Exodus Intelligence that demonstrated one of the patches built and submitted by Drake was incomplete. With these other vectors still present, the importance of fixing issues within the code base remains very high.” “However, this attack vector constituted only the worst of more than 10 different ways potentially malicious media is processed by the Stagefright library. We’ve tested these updated versions and are happy to confirm they prevent unassisted remote exploitation,” Zimperium said today in a blog post. “Google released new versions of Hangouts and Messenger to block automatic processing of multimedia files arriving via MMS. The MMS does not have to be viewed or read, and can be deleted remotely by the attacker before the victim is aware the phone ever received it. I’d rather not have a service that’s doing risky processing have Internet access.”Īn attacker can send a vulnerable device a specially crafted MMS or Google Hangouts message that exploits the flaw. Android has a group enforcement where it allows to connect to the Internet. “That process, you would think, would be sandboxed and locked down as much as it could because it’s processing dangerous, risky code, but it actually has access to the Internet. You’d be able to monitor communication on the device and do nasty things. “On some devices, has access to the system group, which is right next to root-very close to root-so it should be easy to get root from system,” Drake told Threatpost in July. Stagefright is used to process a number of common media formats, and it’s implemented in native C++ code, making it simpler to exploit. ![]() The problem is that Stagefright is an over-privileged application with system access on some devices, which enables privileges similar to apps with root access. Stagefright is the name of the media playback engine native to Android, and the vulnerabilities Drake discovered date back to version 2.2 devices older than Jelly Bean (4.2) are especially at risk since they lack exploit mitigations such as Address Space Layout Randomization (ASLR) that are present in newer versions of Android. ![]() ![]() ![]() Silent Circle also patched its Blackphone and Mozilla patched Firefox, which uses Stagefright code in the browser. The move was mirrored by others, including Samsung and LG, and the first Nexus updates included patches for Stagefright. Google, meanwhile, wasted no time in changing the way it releases security updates for Android, announcing at Black Hat that it would send monthly over-the-air updates its Nexus phones. He originally planned to release exploit code on Aug. He chose not to publish exploit code at the time, giving Google time to push patches to the Android Open Source Project and subsequently to handset manufacturers and carriers. Drake, vice president of platform research and exploitation at Zimperium zLabs, said in July the bug could affect more than 950 million Android devices. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |