Patch issued for Stagefright Android 2.0

News by Max Metzger

The Android Stagefright 2.0 bug has now been patched, after its initial discovery this July.

In July, security researchers from Zimperium Security warned Android users that they could be attacked by a mere text message. Two weeks later, the bug sprang up again.

But it wasn't until last week that Zimperium reported that they had found a new way to exploit the vulnerability.

By inserting malware into MP3s or MP4s, malicious attackers can disguise their bug as a benign audio file. Once the unsuspecting user previews the audio files, possibly reached via phishing pages, the bug activates and infects the device. This however, was an effectively hypothetical vulnerability as there have been no reports of an 'in the wild' attack.

But now, three months after the bug's initial discovery, Google has finally started to issues patches for the vulnerabilities in its Android devices.

These new patches tackle 30 vulnerabilities in Android devices but it is as yet unclear which Android vendors will issue the monthly security updates.

Tech news outlet, The Register reports that those not using Android devices from major vendors will be “at the mercy of manufacturers.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews