Much has been said about the Stagefright vulnerability but we have yet to see an ultimate solution for the problem. Security patch updates are important but even if monthly releases are not guarantee that an Android device is safe from attacks. We have a bit of good news as the attack code for this has just been made public. This kind of exploitation may not appeal to a lot of people but this will allow not only OEMs and mobile carriers, but also individuals and companies to check on their systems and devices if they could be affected by Stagefright or not.
The vulnerability discovered a few months ago is now made public for everyone to test. Unfortunately, hackers can also use the attack code selfishly. More Android security patches have yet to be distributed but at least developers can now see the problem and be able to release a fix as soon as possible.
Google is still scrambling on to release fixes but efforts seem to be not enough. There are still a number of exploitations going on but the Internet giant, together with its partners, know that it might take a while before Android is free from such attacks. Interestingly, this explotation doesn’t work on Android 5.0 devices and above as made possible by an ‘integer overflow mitigation’.
We’re grateful that Google, its Android team especially, is doing its best to address the Stagefright bugs by releasing monthly security patches. The likes of LG, Motorola, Sony, and Samsung have already pledged their part and we’re expecting more brands to follow suit.
VIA: Ars Technica