gfxgfx
 
Please login or register.

Login with username, password and session length
logo
 
gfx gfx
gfx
3534 Posts in 238 Topics by 30 Members - Latest Member: Kodiac November 25, 2024, 09:46:35 am
*
Sorry, you must be logged in to use the shoutbox!
gfx* Home | Help | Search | Calendar | Login | Register | Site | gfx
gfx
Server Admins  |  General Category  |  Geek / Games Discussion  |  Android Vulnerability!!
gfx
gfxgfx
 

Author Topic: Android Vulnerability!!  (Read 9394 times)

0 Members and 2 Guests are viewing this topic.

Offline KT 💣 KλBoƠM

  • Security
  • Spam Fighter
  • *
  • Posts: 1525
  • Age: 51
  • Location: Canada
  • Karma: +1974/-0
  • Gender: Female
  • 🇨🇦 🤦🏽‍♀️💣💥
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • Firefox 39.0 Firefox 39.0
Android Vulnerability!!
« on: August 01, 2015, 06:28:57 am »
Android Stagefright contains multiple vulnerabilities

Vulnerability Note VU#924951

Original Release date: 28 Jul 2015 | Last revised: 29 Jul 2015

http://www.kb.cert.org/vuls/id/924951

Quote
Overview

Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright contains multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device.

Description

According to a Zimperium zLabs blog post, Android's Stagefright engine contains seven different vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device. This vulnerability appears to affect all versions of Android from 2.2 (Froyo) and to at least Android 5.1.1_r5 (Lollipop). ZDNET reports that the feature that makes the vulnerability more severe "appears to be that to reduce video viewing lag time Stagefright automatically processes the video before you even think about watching it."

An attacker with a victim's cell phone number may send maliciously crafted multimedia messages (MMS) which may be improperly parsed by the Stagefright tool. Other attack vectors may be possible.

According to patches (see patch one, two, three), the vulnerabilities appear to be multiple integer overflows and underflows, and improper integer overflow checks. Since integer overflow is a type of memory error, Address Space Layout Randomization (ASLR) appears to partially mitigate this issue; Forbes reports that Android before 4.1 (Jelly Bean) have "inadequate exploit mitigations." ASLR was introduced in Android 4.0 and fully enabled in Android 4.1.

According to Ars Technica, "successful exploits at the very least provide direct access to a phone's audio and camera feeds and to the external storage ... many older phones grant elevated system privileges to Stagefright code, a design that could allow attackers access to many more device resources."

Full details are currently not available.

Impact

A remote attacker may be able to execute code on the Android device.

Read MORE on what to do about this here:

http://www.kb.cert.org/vuls/id/924951
KaTiE 💣 KaBo0M!

Motherboard: MSI bazooka b360m MATX (MS-7B24)
CPU: Intel Core i5-8400
GPU: NVIDIA GeForce RTX 2060 SUPER
RAM: 16325 Mb A-Data Technology DDR4 @ 2,394 MH
Monitor: 24 inch Dell ST2420L(HDMI) 1920 x 1080 @ 60 Hz
Case: Apevia X-HERMES-BL ATX Mid Tower PC Gaming Case with 5 2 Fans, Large Blue Tinted Side Window, Front USB2.0/USB3.0/Audio Ports, Hard Drive Hot-Swap Bay - Black/Blue

EmojiPedia is good for copy paste emoticons

KT`s ShoutBox!

Offline KT 💣 KλBoƠM

  • Security
  • Spam Fighter
  • *
  • Posts: 1525
  • Age: 51
  • Location: Canada
  • Karma: +1974/-0
  • Gender: Female
  • 🇨🇦 🤦🏽‍♀️💣💥
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • Firefox 39.0 Firefox 39.0
KaTiE 💣 KaBo0M!

Motherboard: MSI bazooka b360m MATX (MS-7B24)
CPU: Intel Core i5-8400
GPU: NVIDIA GeForce RTX 2060 SUPER
RAM: 16325 Mb A-Data Technology DDR4 @ 2,394 MH
Monitor: 24 inch Dell ST2420L(HDMI) 1920 x 1080 @ 60 Hz
Case: Apevia X-HERMES-BL ATX Mid Tower PC Gaming Case with 5 2 Fans, Large Blue Tinted Side Window, Front USB2.0/USB3.0/Audio Ports, Hard Drive Hot-Swap Bay - Black/Blue

EmojiPedia is good for copy paste emoticons

KT`s ShoutBox!

Offline Sandman[SA]

  • Head Admin
  • Administrator
  • *
  • Posts: 1839
  • Age: 57
  • Location: Philadelphia PA
  • Karma: +14/-0
  • Gender: Male
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • MS Internet Explorer 11.0 MS Internet Explorer 11.0
    • The Server Admins
Re: Android Vulnerability!!
« Reply #2 on: August 01, 2015, 06:43:19 pm »
Old news actually.  It was somewhat similar to a vulnerability found in windows media player 6.x.  Strange that is still not been addressed.


Motherboard: ASUS ROG Strix Z390-E Gaming
CPU: Intel Core i9-9900K
GPU: Powercolor Liquid Devil RX 6900 XT
RAM: 65536 Mb G-Skill Trident-Z DDR4 @ 3,200 MH
Storage: WD Black SN750 1Tb PCIe Gen 3 NVME M.2 Main.  Corsair MP510 4Tb PCIe Gen 3 NMVE M.2 Secondary. 
Monitor: Dual 34-inch 1800R Curved LG Ultrawide 3440 x 1440 @ 160 Hz QHD IPS
Case: Lian-Li 011 Dynamic XL Case (black) with 7 Lian-Li Unifan SL120 V2
Cooling: EKWB full custom water-cooling loop with 2 360mm radiators

Offline KT 💣 KλBoƠM

  • Security
  • Spam Fighter
  • *
  • Posts: 1525
  • Age: 51
  • Location: Canada
  • Karma: +1974/-0
  • Gender: Female
  • 🇨🇦 🤦🏽‍♀️💣💥
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • Firefox 39.0 Firefox 39.0
Re: Android Vulnerability!!
« Reply #3 on: August 03, 2015, 10:34:35 am »
Old news actually.  It was somewhat similar to a vulnerability found in windows media player 6.x.  Strange that is still not been addressed.

Seems people still think cell phones are not like computers and are some how immune to any security vulnerabilities? Who knows.
KaTiE 💣 KaBo0M!

Motherboard: MSI bazooka b360m MATX (MS-7B24)
CPU: Intel Core i5-8400
GPU: NVIDIA GeForce RTX 2060 SUPER
RAM: 16325 Mb A-Data Technology DDR4 @ 2,394 MH
Monitor: 24 inch Dell ST2420L(HDMI) 1920 x 1080 @ 60 Hz
Case: Apevia X-HERMES-BL ATX Mid Tower PC Gaming Case with 5 2 Fans, Large Blue Tinted Side Window, Front USB2.0/USB3.0/Audio Ports, Hard Drive Hot-Swap Bay - Black/Blue

EmojiPedia is good for copy paste emoticons

KT`s ShoutBox!

Offline Sandman[SA]

  • Head Admin
  • Administrator
  • *
  • Posts: 1839
  • Age: 57
  • Location: Philadelphia PA
  • Karma: +14/-0
  • Gender: Male
  • Operating System:
  • Windows 7/Server 2008 R2 Windows 7/Server 2008 R2
  • Browser:
  • MS Internet Explorer 11.0 MS Internet Explorer 11.0
    • The Server Admins
Re: Android Vulnerability!!
« Reply #4 on: August 03, 2015, 08:22:27 pm »
Well, think about that one for a second.  #1, android OS is derived from what OS?  Linux.  Linux for the most part is free, open source software.  And people usually think that since Linux is free, why would anyone want to hack it?  #2, a lot of people are not fully aware of how a computer can be infected by a virus.  And a smartphone is essentially a hand held computer that can also make and receive calls.  Basically, it all boils down to ignorance.


Motherboard: ASUS ROG Strix Z390-E Gaming
CPU: Intel Core i9-9900K
GPU: Powercolor Liquid Devil RX 6900 XT
RAM: 65536 Mb G-Skill Trident-Z DDR4 @ 3,200 MH
Storage: WD Black SN750 1Tb PCIe Gen 3 NVME M.2 Main.  Corsair MP510 4Tb PCIe Gen 3 NMVE M.2 Secondary. 
Monitor: Dual 34-inch 1800R Curved LG Ultrawide 3440 x 1440 @ 160 Hz QHD IPS
Case: Lian-Li 011 Dynamic XL Case (black) with 7 Lian-Li Unifan SL120 V2
Cooling: EKWB full custom water-cooling loop with 2 360mm radiators

Server Admins  |  General Category  |  Geek / Games Discussion  |  Android Vulnerability!!
 

gfxgfx
gfx
SMF 2.0.6 | SMF © 2013, Simple Machines
Copyright © 2000-2024 Server Admins All Rights Reserved.
Page created in 0.227 seconds with 20 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!