Software security firm, Trend Micro, reports that it has found a fresh vulnerability in Android that affects more than half of the devices in use today. All the way up from Android 4.3 to Android 5.1.1, the vulnerability can render a phone practically dead.
httpv://www.youtube.com/watch?v=gjn5QTaQ0fk
The company has detailed the exploit in a blog post and says that the vulnerability lies in the mediaserver service used for indexing media files by Android. The exploit involves using a malformed MKV (Matroska) file that can crash the indexing service and then the entire operating syste,. Needless to say that the exploit is fairly complicated to execute. A user will have to actively download a malicious application or visit a specially crafted web site that will load the MKV file and cause harm. The known effects of the exploit are listed below:
- The affected device will go completely silent and non-responsive. Users won’t receive ring tones or any notification sounds for that matter and will not be able to accept phone calls.
- A locked phone cannot be unlocked, the interface may potentially become extremely slow or un-responsive.
The vulnerability brings with it the potential for additional damage through ransomware or even remote code insertion. Trend Micro claims that they reported the vulnerability to Google in May who acknowledged it as a low priority vulnerability identified it as ANDROID-21296. At the time of publishing, no patch has been issued to fix this potentially major exploit. As always, we’d recommend readers to refrain from downloading pirated, cracked or for that matter any APK that is unsigned and is not from a trusted source. The amount of damage that is possible via a vulnerability such as this or stagefright far outweighs the dollar or two you might save from not buying the application from the Play Store. Follow through to the source for the technical nitty grities of the exploit.
[Via – Trend Micro]