A billion Android devices could be vulnerable to Stagefright 2.0 bug

Zimperium Zlabs has disclosed a new Android vulnerability it's calling Stagefright 2.0. In case that name isn't ringing any bells, it's a bug in an Android multimedia component that can allow an attacker to perform remote code execution, sometimes without any user interaction. The previous version affected an estimated 950 million handsets, and the new one version has the potential to affect even more.

Zimperium discovered two more distinct vulnerabilities in the way the operating system handles metadata in MP3 and MP4 files. The first vulnerability is CVE-2015-6602 , and it lies in an Android component called libutils. According ...

Read more...