A new Stagefright vulnerability has been discovered and this time it looks even scarier

03 October, 2015
It seems the Stagefright storm hasn't quite passed after all. As most of you might remember, a few months ago a scary vulnerability in one of Android's core multimedia libraries was uncovered and found to affect almost every device powered by Google's OS, as early as 2.2 Froyo. Since then, there have been no reports of an actual exploit utilizing the bug, but, naturally, it gave the whole industry quite a scare, triggering a quick reaction from many OEM's like Motorola and Samsung, who issued emergency fixes.

Sort by:

  • T
  • TFWAP2
  • 2Au
  • 04 Oct 2015

Yup im a TF network technician ^_^

    • Y
    • Y
    • 2Au
    • 04 Oct 2015

    Anonymous, 04 Oct 2015He's a TracFone Tech and the entire comment was documentati... more"the entire comment was documentation that we need to leave on file for every customer we interact with hence its so lengthy"
    SO YOU ARE A TECHNICIAN TOO?

      • ?
      • Anonymous
      • 9LB
      • 04 Oct 2015

      Y, 03 Oct 2015Congratulations! You're hired. You will GSMarena's next blo... moreHe's a TracFone Tech and the entire comment was documentation that we need to leave on file for every customer we interact with hence its so lengthy.

        • Y
        • Y
        • 2Au
        • 03 Oct 2015

        [deleted post]Congratulations! You're hired. You will GSMarena's next blogger. Phew.

          • ?
          • Anonymous
          • PA7
          • 03 Oct 2015

          AnonD-442781, 03 Oct 2015Last time it was shared, and it turned out that it couldnt ... moreYou might want to say that to the guy who found this vulnerability and dare him to share the exploit.

            • ?
            • Anonymous
            • pmw
            • 03 Oct 2015

            "scarier"? you are the awesomest

              • D
              • AnonD-442781
              • JiR
              • 03 Oct 2015

              Anonymous, 03 Oct 2015It's not a non-issue that has no known cases of exploitati... moreLast time it was shared, and it turned out that it couldnt have been abused anyway. This time is probably the same, but we can't know without seeing it.

              And there are still no known cases of exploitation.

                • D
                • AnonD-362866
                • rv3
                • 03 Oct 2015

                dukaki, 03 Oct 2015Xcode 7 allows anyone to self-sign an app and run it on any... moreOld news already fixed. Shame bro you guys really grasping at straws now hahaha

                  • D
                  • AnonD-362866
                  • rv3
                  • 03 Oct 2015

                  AA, 03 Oct 2015call me dull, i don't care.. but lately i've been reading ... moreIt's an emoji, this chat thread doesn't recognize them.

                    • ?
                    • Anonymous
                    • PA7
                    • 03 Oct 2015

                    Anonymous, 03 Oct 2015Well thank god it's a non-issue that has no known cases of ... moreIt's not a non-issue that has no known
                    cases of exploitation.

                    It's because the guy who find the vulnerabilities is good guy (at least judging by reading the article) he doesn't want to share a proof-of-concept exploit.

                    We don't want to imagine him sharing the exploits to public or selling to "bad guys", but who knows, given certain situations and conditions a good guy can become a bad guy.

                      • l
                      • lg user
                      • 9LA
                      • 03 Oct 2015

                      [deleted post]tracfone tech support ...too bad boy ...surely tier 1 receiving too many calls,well i have time to read... 3 calls i have and we are close 12-55 pm est time by the way,..good luck with ur customers.

                        • ?
                        • Anonymous
                        • PA7
                        • 03 Oct 2015

                        dukaki, 03 Oct 2015Xcode 7 allows anyone to self-sign an app and run it on any... moreMy point is still valid, jailbroken iDevices are never more secure than jailed iDevices, I NEVER said that jailed iDevices are more secure.
                        Even before xcode 7 released, and without xcodeghost, it's still possible to install malicious apps by signing them with enterprise certificate, but in reality without easy RW access to outside app's sandbox, the potential of those apps to do harm are quite limited.

                        Yes we know and realisr that in this day and age, there's no real secure environment be it software or real life.

                          • ?
                          • Anonymous
                          • 9LB
                          • 03 Oct 2015

                          Android users just can't accept that their OS is more vulnerable than Apple's iOS. To every time there is a threat on Android, they come up with some type of defense mechanism, lol.

                          #Pathetic

                            • &
                            • ""'
                            • PxV
                            • 03 Oct 2015

                            AnonD-123996, 03 Oct 2015We users do have all kind of fixes for our android and user... morehahaha opensource?
                            that's the biggest security flaw of android.

                            1. Someone terribly evil reading android codes.
                            2. Then he finds a security flaws in those codes.
                            3. Then he used that flaws to hack billion of android devices.
                            4. 2 Months later a good person also read those codes.
                            5. He also found the flaws, but since he is a good person, he report that to google.
                            6. Then google fix it.

                              • C
                              • Conzequences
                              • b7d
                              • 03 Oct 2015

                              Now i'm excited to see how Blackberry Priv would take on this kind of issues with the OS...

                              hmmm..

                                • ?
                                • Anonymous
                                • JiR
                                • 03 Oct 2015

                                Anonymous, 03 Oct 2015Maybe for nerds, you can fix it on your own, but for ordina... moreWell thank god it's a non-issue that has no known cases of exploitation, and doesn't work outside of a lab.

                                  Anonymous, 03 Oct 2015Don't forget the SSL bug patch (regardless how silly the bu... moreXcode 7 allows anyone to self-sign an app and run it on any ios device. There are so many third party apps that use this to bypass apple's appstore.
                                  Btw, apple's own appstore in china had apps infected with xcodeghost. Codesigning cannot save you.

                                    • ?
                                    • Anonymous
                                    • PA7
                                    • 03 Oct 2015

                                    Lol, 03 Oct 2015Actually, many people have been complaining about how Andro... moreIt's the preloaded primary apps that are being more and more closed source (the exception Cyanogen OS/ CyanogenMod and some other custom roms based on Cyanogen source code) but at least Android barebone OS will always be open source.

                                      • ?
                                      • Anonymous
                                      • vx4
                                      • 03 Oct 2015

                                      AnonD-123996, 03 Oct 2015Please correct me if i am wrong. Android users can root the... moreMaybe for nerds, you can fix it on your own, but for ordinary people they dont have time and the know on how to root, find a root program for their unit, install twrp, find the stagefreight exploit... Dont think all android users are like you who has time to waste and fix the exploit themselves. Can you imagine a doctor, engineers, bankers, managers... professionals tinkering around on fixing orupdating their android, they dont have time for that, they are very busy with their work and responsibilites with their lives

                                      Thats why we buy branded phones so that we dont have to worry and do the fixing on our phones, the OEMS are suppost to do that not the users.

                                        • ?
                                        • Anonymous
                                        • PA7
                                        • 03 Oct 2015

                                        Lol, 03 Oct 2015Actually, many people have been complaining about how Andro... moreDon't forget the SSL bug patch (regardless how silly the bus is) there are two patches (from two developers) IIRC for jailbroken iOS 6 users below iOS 6.1.6 and jailbroken iOS 7 users below 7.0.6

                                        But as users you are dependent on developers kindness, right?

                                        And Jailbroken iDevices are never ever more secure than jailed iDivices due to ability to run unsigned code.

                                          2 of 4