Stagefright MMS vulnerability
Added by T M almost 10 years ago
Some interesting news is going to be coming out of defcon next week...
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/
Replies (7)
RE: Stagefright MMS vulnerability - Added by My Self almost 10 years ago
Thanks for that hint. I was on it already and opened a ticket now: http://redmine.replicant.us/issues/1287
(I don't have too much time at the moment and hope I'll be able to see to it next week, or so).
RE: Stagefright MMS vulnerability - Added by robin p over 9 years ago
I saw this today, linked from Slashdot:
https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/
https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Stagefright-Patches.zip
It contains patches for the Stagefright flaws. Maybe useful here, or not?
RE: Stagefright MMS vulnerability - Added by My Self over 9 years ago
Thanks again.
I've tested Replicant 4.2 against a manipulated video file (found here: http://security.stackexchange.com/a/95680) a few days ago.
This was possible because a Chinese blog had leaked more details about the vulnerability one week before: https://translate.google.com/translate?hl=de&sl=zh-CN&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F7557
Finally (yesterday) I could test with that detector-tool app and test-video files (provided by Zimperium), too.
The result is that Replicant seems to be vulnerable to that kind of attack - even without using proprietary video accelerators.
The media server crashes, logcat records, with the stock 'gallery' video player and alternatively with the current VLC, too.
- 12 from here: https://android-review.googlesource.com/#/c/162630/
(which are [more or less!] the same as Zimperium provides (as zip bundle: https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Stagefright-Patches.zip)) - and probably one more: https://android-review.googlesource.com/#/c/162878/
ASAP...
RE: Stagefright MMS vulnerability - Added by My Self over 9 years ago
The ticket (http://redmine.replicant.us/issues/1287) has got an update...
RE: Stagefright MMS vulnerability - Added by My Self over 9 years ago
PS: be aware of (trojan) fake security updates like the "CVE-2015-1538.apk".
More information: https://cispa.saarland/index.html%3Fp=3985.html
Analysis of that app: https://anubis.iseclab.org/?action=result&task_id=1978e711f0e2ddab4612029f77758f3eb&format=html
RE: Stagefright MMS vulnerability - Added by My Self over 9 years ago
The ticket (http://redmine.replicant.us/issues/1287) has got another update (about the "new" CVE-2015-3864 vulnerability)...
RE: Stagefright MMS vulnerability - Added by My Self over 9 years ago
If somebody is interested, a little update on that topic:
http://arstechnica.com/security/2015/09/googles-own-researchers-challenge-key-android-security-talking-point/
with some interesting details about the ASLR (address space layout randomization) technology on Android...