Stagefright refers to various security bugs that target a library of code within the Android mobile operating system. The libstagefright media library is a common element in Android versions 2.2 and higher, and flaws within the library tend to be integer overflows that can lead to potentially exploitable memory buffer overflow conditions.
The Stagefright Android exploit was discovered by the security firm Zimperium, which first publicly reported the exploit on July 21, 2015. The following month Google committed to releasing a new monthly update cycle for the Android operating system at the Black Hat USA conference.
Google issued the first monthly update for an initial batch of Stagefright-related bugs in August, 2015, followed by another patch released in October to address a second bundle of bugs dubbed Stagefright 2.0.
Stagefright Exploit Details and Device Protection Tips
The libstagefright library is typically used to help the Android mobile OS process video files and links to videos files that are sent via multimedia messages (MMS) and text messages. Because many messaging apps automatically process the videos so that they're ready to be viewed upon opening the message, the Android Stagefright exploit could be compromised without the user's knowledge.
The Stagefright exploit could potentially enable an attacker to gain access to the mobile device's camera, the Internet, all audio streams and Bluetooth administration. Despite hundreds of millions of Android devices operating with the flawed libstagefright library, there's no evidence at this time of the Stagefright exploit being compromised in the wild.
Android users are encouraged to upgrade their mobile devices to a more recent release of Android like Android Lollipop (5.1 and higher) that is supported by the device vendor and that contains patches for Stagefright. Users can also protect themselves by disabling the Auto Retrieve feature in messaging apps so that videos won't automatically load in the background and potentially infect the device.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »