95% of Android phones vulnerable to Stagefright MMS exploit
Joshua Drake, a researcher from Zimperium's zLabs, is about to drop a bombshell at the upcoming Black Hat conference: details of an Android remote code execution exploit that could use a single MMS message to crack as many as 950 million phones, or roughly 95% of all Android handsets, according to statements Drake provided to Forbes. The attack is called Stagefright, named after Android's system-wide media playback component, where the vulnerabilities lie-and which various messaging apps use to display multimedia content. zLabs even goes so far as to call this "the worst Android vulnerability in the mobile OS['s] history."
Depending on the messaging app in question, a victim may not even have to view the booby-trapped MMS. Drake told Forbes that Google's Hangouts allows for a fully silent attack on a vulnerable handset-the exploit triggers before a notification is even issued. ...