| Author | Message | ||
Sesani Megastar Username: Sesani Post Number: 27238 Registered: 08-2014 Posted From: 172.56.36.220 Rating: N/A |
Android  | ||
Legend Username: Twitter Post Number: 38755 Registered: 10-2009 Posted From: 66.194.212.162 Rating: N/A |
The following CVEâs have been issued for the Android Stagefright MMS vulnerability. CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 The vulnerability is in the Stagefright media playback system in Android OS across multiple manufacturers. It allows for remote code execution from scripted MMS without any user interaction. http://blog.zimperium.com/experts-found-a-unicorn-in-the-hea rt-of-android/ https://threatpost.com/android-stagefright-flaws-put-950-mil lion-devices-at-risk/113960 As is being reported in the popular press, the vast majority of Android devices are vulnerable to this attack, although we are not yet hearing reports of attacks in the wild. It is unclear how quickly manufacturers will be issuing patches to users. In the meantime, it seems that disabling the setting âAutomatically retrieve multimedia messages (MMS)â or a similar setting should block several avenues of code execution. Advice on how to do this with Google Hangouts and other methods are coming up every hour. https://www.twilio.com/blog/2015/07/how-to-protect-your-andr oid-device-from-stagefright-exploit.html |