New Stagefright Attack Targets Android Phones With Phony Audio Files

Stagefright is quickly becoming the bug that wouldn’t die. First discovered in July, the vulnerability allowed attackers to target Android phones over text or MMS, exploiting a weakness in Android’s multimedia preview function.

Google, manufacturers and carriers scrambled to patch the bug, only to have another bug pop up two weeks later, requiring another round of patches. Now, three months after the initial disclosure, it’s all happening again.

Zimperium security a new way to exploit Stagefright that isn’t covered by existing patches, first reported by Motherboard. The new vulnerability works by encoding a malicious program into an audio file, delivered over mp3 or mp4. Once a user previews the file or visits a page where that file is embedded, Android’s audio preview will activate the program, infecting the device.

Read the rest of this post on the original site »

This article originally appeared on Recode.net.

We're here to shed some clarity

One of our core beliefs here at Vox is that everyone needs and deserves access to the information that helps them understand the world, regardless of whether they can pay for a subscription. With the 2024 election on the horizon, more people are turning to us for clear and balanced explanations of the issues and policies at stake. We’re so grateful that we’re on track to hit 85,000 contributions to the Vox Contributions program before the end of the year, which in turn helps us keep this work free. We need to add 2,500 contributions this month to hit that goal. Will you make a contribution today to help us hit this goal and support our policy coverage? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via