Stagefright refers to various security bugs that target a library of code within the Android mobile operating system. The libstagefright media library is a common element in Android versions 2.2 and higher, and flaws within the library tend to be integer overflows that can lead to potentially exploitable memory buffer overflow conditions.
The Stagefright Android exploit was discovered by the security firm Zimperium, which first publicly reported the exploit on July 21, 2015. The following month Google committed to releasing a new monthly update cycle for the Android operating system at the Black Hat USA conference.
Google issued the first monthly update for an initial batch of Stagefright-related bugs in August, 2015, followed by another patch released in October to address a second bundle of bugs dubbed Stagefright 2.0.
Stagefright Exploit Details and Device Protection Tips
The libstagefright library is typically used to help the Android mobile OS process video files and links to videos files that are sent via multimedia messages (MMS) and text messages. Because many messaging apps automatically process the videos so that they're ready to be viewed upon opening the message, the Android Stagefright exploit could be compromised without the user's knowledge.
The Stagefright exploit could potentially enable an attacker to gain access to the mobile device's camera, the Internet, all audio streams and Bluetooth administration. Despite hundreds of millions of Android devices operating with the flawed libstagefright library, there's no evidence at this time of the Stagefright exploit being compromised in the wild.
Android users are encouraged to upgrade their mobile devices to a more recent release of Android like Android Lollipop (5.1 and higher) that is supported by the device vendor and that contains patches for Stagefright. Users can also protect themselves by disabling the Auto Retrieve feature in messaging apps so that videos won't automatically load in the background and potentially infect the device.
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
List of free online Java courses for students and IT professionals looking to enhance their skills . Read More »SEO Dictionary
From keyword analysis to backlinks and Google search engine algorithm updates, our search engine optimization glossary lists 85 SEO terms you need... Read More »Slideshow: History of Microsoft Operating Systems
Microsoft Windows is a family of operating systems for personal computers. In this article we look at the history of Microsoft operating... Read More »
Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »Java Basics, Part 2
This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »The 7 Layers of the OSI Model
The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Use this handy guide to compare... Read More »