EditorA new bug for Android has been reported after Google had earlier announced an update for the Stagefright vulnerability for its Nexus devices. Stagefright is a critical security bug but it was patched by Google after it got reported. Stagefright was taken very seriously as many security researchers claimed that the bug could render the Android based devices dead. The phone would cease to work with no sound and screen display, unable to make calls etc. The new bug has been reported by Trend Micro that says that the bug uses a malformed Matroska (MKV) video in apps, or websites to crash android’s mediaserver service, leaving the phone inactive. This bug could not only damage your phone’s interface but could also silence calls or notification. TrendMicro also suggested that it is possible that you might not even get past the lock screen of your device. Trend Micro’s Wish Wu, a mobile threat engineer has explained the vulnerability and the effects it can have on your phone. However, this vulnerability might not affect the older versions of Android but is present in the recent version, ranging from Android 4.3 Jelly Bean to Android 5.1.1 Lollipop. This is also the band within which about 90 per cent of the Android phones operate, according to Google’s Android distribution numbers. In an interview, Wish Wu explained,” The vulnerability lies in the mediaserver service, which is used by Android to index the media files that are located on the Android device.This service cannot correctly perform a malformed video file using the Matroska container, usually with an .mkv extension. When the process opens a malformed mkv file, the service may crash. This might lead to the crash of the entire system with it.”
Trend micro also pointed out the ways in which this could happen on a phone. This vulnerability can be exploited either by an installed malicious app or a specially designed website. Google has already asked the users to browse trusted websites and keep away from untrusted and malicious ones. The bug was reported to Google in May by Trend Micro but it decided to put it in low –priority pool as Google believes that there has been no actual evidence of exploitation of this vulnerability. Now, Google has said that the vulnerability will be patched in the upcoming version of Android.
Image Source: phandroid.com
Gollapalli Nithin Kumar
Editorial Staff
