One vulnerability named Stagefright, could allow attackers to gain access to Android devices, while the other can make an Android device appear dead.
SINGAPORE: A major vulnerability named Stagefright has been found in the Android operating system, the Singapore Computer Emergency Response Team (SingCERT) said in an advisory on its website on Wednesday (Jul 29). SingCERT said a malicious media file can be crafted and deliverted to a user’s mobile phone via the Multimedia Messaging System (MMS) to download and execute “malicious codes” without requiring any user interaction. Users with devices using Android OS 2.2 and above are vulnerable, it added. SingCERT also said that Google Nexus users should install patches for therir devices as soon as they are available, while users who use non-Google Nexus Android devices should check with their respective manufacturers for available patches. “As an interim protective measure, users should exercise caution and not download media files sent via MMS and should deactivate the auto retrieval feature for MMS until such time when the patches for their devices are available,” SingCERT said. Telco M1 also posted a warning on its Facebook page on Thursday. It said an attacker using Stagefright may be able to gain access to Android smartphones by sending users a malicious multimedia message. It recommended that users block messages from unknown senders and disable the “Auto Retrieve” function for multimedia messages. *SECOND VULNERABILITY: ANDROID DEVICES APPEAR DEAD* Separately, security software firm Trend Micro said it discovered a vulnerability in Android that can make a phone appear dead. It will go silent, will be unable to make calls and have a lifeless screen. The phone will not ring and texts and notifications will not show up either. Trend Micro said this vulnerability is present from Android 4.3 (Jelly Bean) to the current version, Android 5.1.1 (Lollipop), adding that no patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix it. This vulnerability can be exploited in two ways - either via a malicious app installed on the device, or through a specially-crafted website, according to Trend Micro. "The first technique can cause long-term effects to the device – an app with an embedded MKV file that registers itself to auto-start whenever the device boots would case the OS to crash every time it is turned on. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs," Trend Micro said, adding that this vulnerability is similar to the above-mentioned Stagefright vulnerability. Trend Micro added that it recommends users who have been affected to restart their device in safe mode. LINK: http://www.channelnewsasia.com/news/singapore/stagefright-among-2/2017814.html -- ========== Belanja Aplikasi Android Pakai Pulsa Indosat Info >> http://indosat.com/id/personal/hiburan-asik/carrier-billing ---------------------- Gunakan layanan Hosting Indonesia yang stabil, terjangkau dan aman Kunjungi >> http://www.Qwords.com ---------------------- Hanya dengan 500ribu bisa jadi reseller delcell. Hubungi: [email protected] ---------------------- Bass Audio Headphone Store, Toko Headphone Earphone Terlengkap Kunjungi >> http://bassaudio.net ---------------------- Kontak Admin, Twitter @agushamonangan ----------------------- FB Groups : https://www.facebook.com/groups/android.or.id Aturan Umum ID-ANDROID >> goo.gl/mL1mBT ========== --- Anda menerima pesan ini karena Anda berlangganan grup "[id-android] Indonesian Android Community" dari Google Grup. Untuk berhenti berlangganan dan berhenti menerima email dari grup ini, kirim email ke [email protected]. Kunjungi grup ini di http://groups.google.com/group/id-android.
