Google's Android Stagefright Security Patch Is Flawed, Says Researcher

Advertisement
By NDTV Correspondent | Updated: 14 August 2015 13:20 IST
Google's Android Stagefright Security Patch Is Flawed, Says Researcher
Android's Stagefright vulnerability has received its share of concerns and patch release announcements from various Android OEM manufacturers, including a new monthly security update cycle. The problem however seems to still be around even after Google released a patch this month for its Nexus devices that was claimed to fix the Stagefright bug.

Jordan Gruskovnjak, a security researcher from Exodus Intelligence has discovered 'severe' problems with patch rolling out to Nexus devices. Jordan also claimed that the Stagefright Detector app released by Zimperium (the company that reported the issue initially) is unable to detect the flaw that remains after the patch, which just contains four lines of code.

"Despite our notification (and their confirmation), Google is still currently distributing the faulty patch to Android devices via OTA updates," notes Exodus Intelligence.

To recall, Stagefright is an open source media player and which is believed to be used on about 95 percent of Android devices, an estimated 950 million users. The vulnerability, if exploited, can let attackers take control of an Android device by sending a specially crafted media file delivered by an MMS message.

"Along with the initial bug report, a set of patches to stagefright flaws were supplied and accepted by Google. One of these patches, addressing CVE-2015-3824 (aka Google Stagefright 'tx3g' MP4 Atom Integer Overflow) was quite simple, consisting of merely 4 lines of changed code," notes Exodus Intelligence official blog.

Advertisement

Jordan tested out a Nexus 5 with an updated firmware flashed to it and was greeted with a crash upon testing. He was able to test the flaw through a specially-crafted mp4 file that bypassed the patch.

The security research company says that it notified Google, and was told the Mountain View company has allocated the CVE identifier CVE-2015-3864 to its report. The company claims that it had to make the issue public with their findings to notify everybody about the issue.

Advertisement

Google confirmed the findings to The Verge, and added that a second patch was already being pushed out. "We've already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update," said Google in a statement.

The company however did not comment when non-Nexus devices can expect to receive the patch.

Advertisement

Last week, Google and Samsung announced they will offer a monthly security patch to their devices. LG and Motorola also joined to reveal Stagefright vulnerability patches.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Google, MMS, Mobiles, Stagefright, Vulnerability
India, US to Enhance Cyber-Security Cooperation
Mobikon Acquires Mobile Customer Feedback Platform Trii.be
Advertisement

Related Stories

Samsung Galaxy S24, Galaxy Z Flip 6 Tipped to Get Android 16-Based One UI 8 Beta Next Week
23 June 2025
Google Suffers Setback in Fight Over EU’s EUR 4.1 Billion Fine
20 June 2025
Adobe Firefly App for Android and iOS Announced, Offers AI-Powered Image and Video Tools
18 June 2025
Android 16 QPR1 Beta 2 Update for Pixel Reportedly Brings New Launch Animation for Gemini Overlay
15 June 2025
Killed by Google: Support for Android Instant Apps to Reportedly Be Dropped Later This Year
13 June 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Nothing Phone 3a Pro 5G Long Term Review: A Blend of Style, Speed, and Power
  2. Kubera OTT Release Reportedly Revealed: Where to Watch Dhanush Starrer Movie Online?
  3. AI+ Pulse, AI+ Nova 5G India Launch Timeline, Design and Colours Revealed
  4. Samsung Galaxy Book 5 Pro Review: Your Work Companion
  5. Nothing Phone 3 Full Specifications Surface Ahead of Its July 1 Debut
  6. Oppo K13x 5G With 6,000mAh Battery Launched in India: See Price
  7. Boat Airdopes Prime 701 ANC With Up to 50 Hours Battery Launched in India
  8. Apple Updates iPhone, iPad Pages With These Labels to Comply With EU Rules
  9. These Samsung Galaxy Models Could Get One UI 8 Beta Update This Month
  10. Xiaomi Mix Flip 2, Redmi K80 Ultra Set to Launch on This Date
#Latest Stories
  1. Amazon Diagnostics Launched in India, Offers Doorstep Sample Collection in Six Cities
  2. Honor Magic V5 Teased to Measure 8.8mm Thick; Colours, RAM and Storage Details Revealed
  3. Apple Reportedly in Talks to Acquire Perplexity AI to Strengthen Its Artificial Intelligence Efforts
  4. AI+ Pulse, AI+ Nova 5G Confirmed to Launch in India in July; Design, Colour Options Revealed
  5. iPhone, iPad Pages Updated With Energy Labels to Comply With New EU Regulations
  6. China’s Restrictions on Rare Earth Mineral Exports to Reportedly Adversely Impact Supply Chain Jobs in India
  7. Boat Airdopes Prime 701 ANC With Up to 50 Hours Total Playback Time Launched in India: Price, Features
  8. Huawei Mate XT 2 Launch Timeline Leaked; Said to Offer Satellite Connectivity
  9. Samsung Galaxy S24, Galaxy Z Flip 6 Tipped to Get Android 16-Based One UI 8 Beta Next Week
  10. Kabul Now Available for Streaming on Lionsgate Play: What You Need to Know About Political Thriller Online?
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.