If Stagefright was enough of a security scandal for Android devices a few months ago, keep in mind the internet is an ever-changing animal. The previous incarnation could have hackers take over your device by sending you a simple MMS and you didn’t really have to do anything to be affected. Obviously that was just the tip of the iceberg, and a new exploit takes life today.
The Zimperium researchers have dubbed a new attack as “Stagefright 2.0,” and it lies in a core Android library called libutils, which affects almost all devices running versions older than Android Lollipop. That said, don’t claim victory if your device is on Lollipop, as this new exploit combined with library elements from Stagefright 1.0 can also get you hacked.
Stagefright 2.0 targets the way Android processes the metadata of MP3 audio and MP4 video files. These files can be exploited when any app uses them, or even the Android system itself. This vulnerability can then trick device users into visiting a malicious website to complete the hack.
For those of you worried, Zimperium actually alerted Google of this in August, and it seems that Google is planning to patch this on October 5 through an Android Security update, so keep an eye on these changes and make sure you apply them. Zimperium’s Stagefright detector will be updated with this new exploit soon, and can be accessed in the source link.