The first Stagefright bug may have been patched now, but a new exploit that could allow an Android handset’s security to be bypassed has just been discovered. According to the latest revelation, the malicious code can be delivered by means of MP3 or MP4 files.
This again leaves more than a billion Android handsets all over the world open to a security bug. Google has been notified about this vulnerability and has already started working on a fix. It will be patching Stagefright 2.0 through an Android update that’s scheduled to be released next week.
By taking advantage of this loophole, hackers will be able to encode a piece of malware into an MP3 or MP4 file. Once a user downloads and opens the file, the malicious code will begin to spread itself through the device.
The researchers over at Zimperium were responsible for finding the first Stagefright bug, and it’s the same guys who have now discovered its 2.0 version. For those who wish to know the technical side of things, libstagefright is at the base of the whole problem.
This is Android’s default software library for handling multimedia content. In the first Stagefright bug, this library made it very easy for hackers to gain unauthorized access to devices when it scanned a corrupted MMS. While that has been patched now, the bug has been found to work even when the library scans maliciously crafted MP3 and MP4 files.
Like we said, Google is aware of Stagefright 2.0 and will be rolling out a fix for it through its latest monthly security update, which is expected on October 5.