clock menu more-arrow no yes mobile

Filed under:

New Stagefright Attack Targets Android Phones With Phony Audio Files

The bug that wouldn't die.

The Verge

Stagefright is quickly becoming the bug that wouldn’t die. First discovered in July, the vulnerability allowed attackers to target Android phones over text or MMS, exploiting a weakness in Android’s multimedia preview function.

Google, manufacturers and carriers scrambled to patch the bug, only to have another bug pop up two weeks later, requiring another round of patches. Now, three months after the initial disclosure, it’s all happening again.

Zimperium security a new way to exploit Stagefright that isn’t covered by existing patches, first reported by Motherboard. The new vulnerability works by encoding a malicious program into an audio file, delivered over mp3 or mp4. Once a user previews the file or visits a page where that file is embedded, Android’s audio preview will activate the program, infecting the device.

Read the rest of this post on the original site »

This article originally appeared on

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.