Israeli-based NorthBit has released a new research paper explaining a new way to exploit a weakness found in Stagefright, Android’s media server and multimedia library.
If a user accessed a malicious website, the vulnerability could allow hackers to have access to data and functions on a various versions of Android.
Hackers could effectively attack devices running Android versions 2.2 through 4.0,5.0 and 5.1, NorthBit said. The company has named its new exploit “Metaphor.”
The new attack is the most effective on Google’s Nexus 5 with stock ROM. It also works, with some modifications, on HTC’s One, LG’s G3 and Samsung’s S5, the company said.
Google has already patched the vulnerability twice before, after security company Zimperium found the original Stagefright flaws in early 2015.
The exploit has two weaknesses, Northbit found.
It has to use a different code for each type of phone in order to hijack it, thus, hackers would have create multiple versions of “Metaphor” to utilize it on a massive scale. Secondly, the latest version of Android, 6.0 Marshmallow, blocks “Metaphor.” Googles more recent October patch can block it on some older installs as well.
Source: GNA

