Fourth Android vulnerability detected; Is it safe to use?

One Android vulnerability after another has raised questions about the platform's safety, and Android users are now wondering whether it is safe to use.

Researchers from Trend Micro, a security firm, have uncovered yet another Android mediaserver vulnerability, affecting versions 2.3 to 5.1.1, which they said could allow attackers to run their code with the same permissions that the mediaserver program already has as part of its normal routines.
However, Google has patched the vulnerability via the Android Open Source Project (AOSP).

According to the researchers, the vulnerability lies in AudioEffect, a component of the mediaserver program. It uses an unchecked variable that comes from the client, which is usually an app. To carry out an attack, the attacker must convince the victim to install an app that doesn’t require any permissions, giving the victim a false sense of security.

“Since the mediaserver component deals with a lot of media-related tasks including taking pictures, reading MP4 files, and recording videos, the privacy of the victim may be at risk. Devices with customized versions of Android but with no modification made to the mediaserver component are also affected,” they said.

The researchers have suggested that, to block the threat, Android users can download Trend Micro Mobile Security (TMMS), which can detect threats trying to use this vulnerability and running any of the scenarios presented. Users can also reboot their device in safe mode to uninstall the malicious app.

“We also recommend that device manufacturers patch their devices regularly to prevent their users from suffering from attacks that use this vulnerability,” they explained.

The new flaw is said to be quite similar to three other major vulnerabilities in Android’s mediaserver component that were detected recently. CVE-2015-3823 could allow attackers to trap phones in endless reboots, and ANDROID-21296336 may render devices silent. Lastly, CVE-2015-3824, dubbed Stagefright, can be used to install malware through a multimedia message.