It’s been a tough few weeks for Android users all over – with a lot of these vulnerabilities being discovered, like security issues that can be exploited via SMS or MMS, or the Stagefright vulnerability. Well, hold on tight because security outfit Trend Micro has revealed that it has discovered another issue that when exploited, can render an Android device unusable.
The vulnerability is present in devices running Android 4.3 Jellybean up to the current 5.1.1 Lollipop version – that’s almost half of the active Android devices globally. This bug can primarily be seen when an Android device tries to open a malformed MKV file (a type of video file in a Matroska container) which causes the operating system’s “mediaserver” service to crash over and over, rendering the operating system unusable – and with that, the user’s ability to use the device is gone.
The vulnerability will ultimately render the device unusable, resulting in a sort of denial-of-service situation. There will be ring tone, text tone, or notification sounds, and the user will have no idea of any incoming calls or messages. The device will be so locked up that one may not even be able to accept a call. The service crash will render the UI completely non-responsive at worst.
The main thing about this is that this particular type of MKV file can be created and maliciously sent to your device. Trend Micro says that even a website that tries to load the same malformed MKV file over the Chrome browser will result in the same crash. If the hacker can somehow program your device to access this file at device startup, then all your ability to use the device will be taken away. Trend Micro has submitted this vulnerability to Google in May, but so far, they say no action has been done to fix the vulnerability.
SOURCE: Trend Micro