Security company provides source code for Stage Fright exploit free

Sep

10

2015

The company Zimperium has explained in detail how one of the vulnerabilities in the Stage Fright video engine works in Android. The source code for the exploit tools can be built for abuse, but Google is working on rolling out a patch.

On his blog has security researcher Joshua Drake of Zimperium placed a sample code to exploit the vulnerability Stage Fright. It is known that the STSC vulnerability identifier CVE-2015-1538 has been suspended. Zimperium points out that it is only one of the possible vulnerabilities, which are collectively identified as a Stage Fright bug, but it is one of the most critical errors. With the released source code, it is possible to build an exploit to abuse the Stage Fright vulnerability.

The code that has been released does not necessarily on all Android devices, according to Drake, but may require some minor adjustments. It is also possible that some smartphones are already fixed by patches released by Google, making the exploit no longer works. Many appliances continue to be vulnerable, allowing hackers to use the code to break into users. With the release of the operating hopes Drake true that developers learn something from it, including by testing whether their system is still susceptible to the vulnerability.

Drake had earlier already indicated that he would give the exploit release. That had to happen at the Black Hat conference. However, when it was decided to postpone to give Google more time to fix the vulnerability. The Internet giant released a patch already out, but a security company pointed out that it is not sufficient protection offered against Stage Fright bug. To what extent is presently abuse of the Stage Fright bug is not known.

Viewing:-155

In: Technology & Gadgets Asked By: [15768 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »