Motorola is quick to respond to Stagefright vulnerability with a set of patches

If you are the Android-tinkering type then it is more than likely that you have heard of the recent Stagefright vulnerability found in Google's OS. And if not, well it all boils down to a bug, related to some core Android messaging and multimedia capabilities that could potentially allow a hacker to high-jack your Android device by simply sending you a message.

The bug, discovered by Joshua Drake from the Zimperium security firm is pretty dangerous and could potentially affect any Android device starting from version 2.2 Froyo and up, which is almost any Android device currently out there. As you can imagine, this caused quite a stir in the community. Companies like Google and Samsung were quick to respond, promising a path, with the latter already applying the necessary fixes to AOSP, which was also vulnerable itself.

Motorola is also already working on a fix and has recently released a full list of devices that it will be rolling out the required patch to as soon as possible. If you own one of these be sure to check for an OTA in the coming days and definitely install it for some extra piece of mind. The eligible handsets are:

• Moto X (1st generation and 2nd generation)
• Moto X Pro
• Motorola Droid Turbo / Moto Maxx
• Moto G (1st generation, 2nd generation and 3rd generation)
• Moto G LTE (1st generation and 2nd generation)
• Moto E (1st generation and 2nd generation)
• Moto E LTE (2nd generation)
• Motorola Droid Ultra, Droid Mini, and Droid Maxx

As you might have noticed, the company’s recently announced trio of moto X devices - Moto X Style, Moto X Play and Moto X Pure Edition are not on the list. That is because they will come with the fix bundled, as will all other future phones, since the changes have already been committed to AOSP.

And for those of you aching for some more info on the Stagefright bug it is quite aptly named as it affects one of Android's core components, responsible for handling certain multimedia formats, such as MP4. The vulnerability itself exploits some integer overflow vulnerabilities and can be leveraged by delivering the necessary code to the victim as a multimedia message. In most cases the said message gets downloaded by the OS without need for confirmation from the user, after which the attacker can execute code remotely.

As it turns out most any recent Android or Android-based OS is vulnerable to the bug, but luckily there are still no reports of actual attacks using Stagefright. However, if you are feeling concerned you should check if you are affected using this free app and look into disabling automatic background downloading of MMS messages, where possible of course.

Source | Via