Android Mediaserver vulnerability looks similar to the Stagefright bug.
Android owners may recall the Stagefright bug, the “worst ever Android vulnerability yet discovered”. That bug exposed a billion Android devices (that’s nearly every one on the face of the earth) to malware.
The latest critical bug has similarities to Stagefright, but exists in Android’s mediaserver. Google warns that an attacker could use the bug to remotely run malware hidden in video or audio.
In an announcement published in the Nexus Security Bulletin for January, Google said it has fixed 12 vulnerabilities affecting Android versions 4.4.4 to 6.0.1. Five are rated as critical security bugs. Partners were notified about and provided updates for the issues on December 7, 2015 or earlier, said the post.
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”
How to protect yourself from the Android bug
The good news is that Google says, “We have had no reports of active customer exploitation of these newly reported issues.” Because of enhancements in newer versions of the Android platform, exploitation for many issues on Android is made more difficult. Regardless, Google encourages all users to update to the latest version of Android where possible.
1. Don’t ignore updates from Android. When you receive a notification about an update, accept it and upgrade to the latest version of Android.
2. Avoid opening video and audio files you receive via text or email. Delete all messages you get from any sender you do not recognize, without opening them first.
3. We recommend users disable “auto retrieve MMS” within their default messaging app’s settings, as a precautionary measure for the moment. You can find detailed directions in the Avast FAQ.
4. Install Avast Mobile Security on your Android devices.