Attack code exploiting Android’s critical Stagefright bugs is now public

Dan Goodin:

Attack code that allows hackers to take control of vulnerable Android phones finally went public on Wednesday, as developers at Google, carriers, and handset manufacturers still scrambled to distribute patches to hundreds of millions of end users.

The critical flaws, which reside in an Android media library known as libstagefright, give attackers a variety of ways to surreptitiously execute malicious code on unsuspecting owners’ devices. The vulnerabilities were privately reported in April and May and were publicly disclosed only in late July. Google has spent the past four months preparing fixes and distributing them to partners, but those efforts have faced a series of setbacks and limitations.

Can Apple ship that switching app for Android before stagefright gets patched in the majority of devices?

Will anybody even be able to find it in the Google play store among the scam apps that claim to support iMessage and make your Android device have an iOS-style (but terribly implemented) home screen?

Author: Jack Slater

Your editor. More here.

Leave a Reply