
It appears that another Android security issue was recently publicized with the latest exploit rendering devices “lifeless.” To make matters worse, the vulnerability is said to be affecting more than half of the units that are currently on the market. The folks over at Trend Micro were the first to discover the security flaw in Google’s Android mobile operating system but Google has yet to fix the issue despite acknowledging the report as a “low priority vulnerability.”
The flaw is said to affect any device running Android 4.3 Jelly Bean up to the latest version, Android 5.1.1 Lollipop. Hackers can either install a malicious app on an Android device or direct users to a nefarious website, then force the Android device to become “apparently dead – silent, unable to make calls, with a lifeless screen,” according to Trend Micro. Furthermore, if the exploit is installed through an app, it can auto-start whenever the device boots, causing Android to crash every time the device is powered on. According to Trend Micro:
In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.
That being said, unlike the issue discovered by Trend Micro, which hasn’t been patched yet, Stagefright was fixed by Google in the latest iteration of Android. Since many of the users on Android aren’t running the latest version of the mobile operating system, the vulnerability is said to affect 95% of Android device owners running version 2.2 Froyo all the way up to 5.1.1 Lollipop.
Most Android device owners simply can’t run the latest iteration of the operating system due to restrictions placed by their handset makers. In comparison, 85% of Apple mobile device users are using iOS 8 or later, which is its latest operating system, while the other 13% are running iOS 7.
If you’re an Android user or know one, keep in mind that Trend Micro recently cautioned its new exploit and Stagefright could be just the beginning of other security issues to come. They wrote the following regarding the matter:
Further research into Android — especially the media server service — may find other vulnerabilities that could have more serious consequences to users, including remote code execution.
Source: Trend Micro via AppleInsider
Message