Project

General

Profile

Stagefright MMS vulnerability

Added by T M over 4 years ago

Some interesting news going to be coming out of defcon next week...

http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/


Replies (7)

RE: Stagefright MMS vulnerability - Added by My Self over 4 years ago

Thanks for that hint. I was on it already and opened a ticket now: http://redmine.replicant.us/issues/1287
(I don't have too much time at the moment and hope I'll able to see to it next week, or so).

RE: Stagefright MMS vulnerability - Added by My Self over 4 years ago

Thanks again.
I've tested Replicant 4.2 against a manipulated video file (found here: http://security.stackexchange.com/a/95680) a few days ago.
This was possible, because a chinese blog has leaked more details about the vulnerability, one week before: https://translate.google.com/translate?hl=de&sl=zh-CN&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F7557
Finally (yesterday) I could test with that detector-tool app and test-video files (provided by Zimperium), too.
The result is, that Replicant seems to be vulnerable to that kind of attacks - even without using proprietary video accelerators.
The media server crashes, logcat records, with the stock 'gallery' video player and alternatively with the current VLC, too.

I'll try to look into the round about 13 stagefright patches,

ASAP...

RE: Stagefright MMS vulnerability - Added by My Self over 4 years ago

PS: be aware of (trojan) fake security updates like the "CVE-2015-1538.apk".
More informations: https://cispa.saarland/index.html%3Fp=3985.html
Analysis of that app: https://anubis.iseclab.org/?action=result&task_id=1978e711f0e2ddab4612029f77758f3eb&format=html

RE: Stagefright MMS vulnerability - Added by My Self over 4 years ago

The ticket (http://redmine.replicant.us/issues/1287) has got another update (about the "new" CVE-2015-3864 vulnerability)...

RE: Stagefright MMS vulnerability - Added by My Self over 4 years ago

If somebody is interested on, a little update to that topic:
http://arstechnica.com/security/2015/09/googles-own-researchers-challenge-key-android-security-talking-point/
with some interesting details to the ASLR (address space layout randomization) technology on Android...

    (1-7/7)