Stagefright Vulnerabilities
Severity Level: High
AppRisk Coverage: Yes
Type: Exploit
OWASP: M4: Unintended Data Leakage
Aliases:
Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:
- CVE-2015-1538
- CVE-2015-1539
- CVE-2015-3824
- CVE-2015-3828
- CVE-2015-3829
- CVE-2015-3864
- CVE-2015-6602
Details or analysis:
This is one of several vulnerabilities, collectively known as the “Stagefright vulnerabilities”, in the Android library “libstagefright”. The library is responsible for processing multimedia files.
If successfully exploited, each vulnerability could allow a malicious application or individual to execute arbitrary code with elevated privileges, via crafted atoms in MPEG-4 data. In an attack scenario involving MMS, an attacker could send attack code via a multimedia file that, when received, could auto-execute.
The vulnerabilities affect Android OS versions from 2.2 (Froyo) up to, but not including, 5.1.1 r9 (Lollipop).
The Android Open Source Project (AOSP) has released Android 5.1.1 r9 to address the vulnerabilities. Android Marshmallow with a Security Patch Level of November 1, 2015 or later also addresses the vulnerabilities.
For more information, see the reference links.
Reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1538
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1539
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3824
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3828
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3829
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3864
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6682
- https://www.kb.cert.org/vuls/id/924951