New Android Vulnerability Affects Wide Range of Devices; Google Publishes Fix

Advertisement
By Manish Singh | Updated: 19 August 2015 15:24 IST

Another day, another Android vulnerability. A new security flaw has been found in the mediaserver component of Google's mobile operating system, the same component that gave rise to the Stagefright bug. The vulnerability in question lies in the way Android handles media files, and if exploited, could allow an attacker to execute arbitrary codes. The vulnerability affects the vast majority of Android devices, running on version 2.3 to 5.1.1. Google has already published a fix for it to the AOSP program, though due to heavy fragmentation in the ecosystem, it could take a while before hitting your device.

Called CVE-2015-3842, the vulnerability has been found in the AudioEffect component of Android's mediaserver component. The vulnerability, as reported by security firm TrendMicro, lies in the implementation of this feature which does not properly check for buffer sizes supplied by clients. An attacker can abuse this vulnerability by convincing users to install apps that don't require any special permissions, and afterwards run arbitiary code on their devices.

Advertisement

"It uses an unchecked variable which comes from the client, which is usually an app. For an attack to begin, attackers convince the victim to install an app that doesn't require any required permissions, giving them a false sense of security," wrote Trend Micro in a blog post.

Among the things that could happen in the aftermath of the attack include compromised control of the camera, improper rendering of mp4 files, tweaks in privacy settings - essentially the tasks that are linked to the mediaserver component.

Advertisement

The comforting part of the news is that there are no known active exploits based on this vulnerability - and Google has already published a fix for it. Though, when will you receive this update on your device depends on the OEM. Trend Micro claims users can download its mobile security suite TMSS to be able to detect any threats trying to use the vulnerability.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Android, Google, Security, Vulnerability
Advertisement

Related Stories

Popular Mobile Brands
  1. Samsung Galaxy Z Fold 8: What to Expect from Samsung's Wide Foldable
  2. Redmi Turbo 5 Review
  1. Tecno Camon 50 Ultra 5G India Launch Date Announced; Colourways and Amazon Availability Confirmed
  2. Apple Reportedly Reviews iPhone 17 Demand as Costs Rise Amid Ongoing Memory Shortage
  3. Interpol Traces $122 Million Crypto Wallet Connected to Romance Scam Network
  4. Hong Kong's Securities and Futures Commission Tightens Anti-Phishing Standards for Crypto Platforms
  5. Itel Zeno 100 Pro India Launch Date Announced as Company Teases Zeno 100 Lite Arrival, Key Features
  6. Sony RX10 V Compact Camera Launched With 20.1-Megapixel Sensor, 4K 120fps Video Recording and 25x Optical Zoom
  7. Motorola Edge 70 Max India Launch Date Announced; Design, Key Features Revealed
  8. Asus Vivobook 14, Vivobook 15 Refreshed With Intel Core Series 3 Processors: Price, Availability
  9. Call of Duty: Black Ops and Black Ops 2 Ports Released on PS4 and PS5
  10. Samsung Galaxy Z Fold 8, Z Fold 8 Ultra Prices Surface Ahead of Unpacked Launch Event
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.