The Stagefright vulnerability threat that was said to affect 95% of Android devices is being too stubborn and not ready to leave. Researchers from Exodus Intelligence has discovered a flaw in the security patch fix that was released by Google.
Google had rolled out a Stagefright security patch to all its Nexus devices last week. However, latest findings from security firm Exodus Intelligence has found that one of the patched issued by Google could still allow access to Android devices thereby making them potentially vulnerable to attack via Stagefright. The researchers were able to craft an MP4 video file to prove the patched Android library is still vulnerable. The Stagefright library crashes when trying to open that data in a multimedia message, and the team say the programming blunder is exploitable.
The Exodus Intelligence researchers have publicly published the vulnerability, claiming that Google was made aware of the situation on August 7. “We’ve already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update“, said Google. In addition to Nexus devices, Google said it sent the original patches to other mobile providers, including: Samsung for its Galaxy and Note devices; HTC for the HTC One; LG for the G2, G3 and G4; Sony for its Xperia devices; and Android One.
The original Stagefright vulnerability was discovered by security company Zimperium which later even released a Stagefright Detector app. Samsung, Motorola and LG also announced that they will release monthly security update for their devices.