libutils in Android up to and including 5.1.1 LMY48M allows remote malicious users to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |
Samsung and LG, but what about HTC?
Google is slinging new patches at the Stagefright Android-goring vulnerability revealed last week. The fixes will prevent malicious video and music files from exploiting StageFright 2.0 holes present in all Android devices. The new plugs stopper two remote-code execution flaws billed as the second iteration of the original Stagefright vulnerability. Zimperium researcher Joshua J Drake reported the security bugs (CVE-2015-3876 in libstagefright, and CVE-2015-6602 in libutils) to Google that affec...
Pop tunes pop phones
Updated More than a billion Android phones, tablets and other gadgets can be hijacked by merely previewing MP3 music or MP4 video files. Booby-trapped songs and vids downloaded from the web or emails can potentially compromise vulnerable devices, and install spyware, password-stealing malware, and so on. This is all thanks to two remote-code execution flaws billed as the second iteration of the original Stagefright vulnerability. Zimperium researcher Joshua J Drake found the pair of Android secu...