<div dir="ltr"><div>Dear All,<br><br>A new exploit for the vulnerability in android devices
named "Stagefright" has been announced.The Stagefright bug was
discovered by Joshua Drake from the Zimperium security firm, and was
publicly announced for the first time on <span class="" id="OBJ_PREFIX_DWT390_com_zimbra_date"><span class="" id="OBJ_PREFIX_DWT393_com_zimbra_date">July 27</span></span>, 2015. Prior to the announcement, Drake reported the bug to Google in <span class="" id="OBJ_PREFIX_DWT391_com_zimbra_date"><span class="" id="OBJ_PREFIX_DWT394_com_zimbra_date">April 2015</span></span>, which incorporated a related bugfix into its internal source code repositories two days after the report.In <span class="" id="OBJ_PREFIX_DWT392_com_zimbra_date"><span class="" id="OBJ_PREFIX_DWT395_com_zimbra_date">July 2015</span></span>,
Evgeny Legerov, a Moscow-based security researcher, announced that he
found at least two similar heap overflow zero-day vulnerabilities in the
Stagefright library, claiming at the same time that the library has
been already exploited for a while. Legerov also confirmed that the
vulnerabilities he discovered become unexploitable by applying the
patches Drake submitted to Google.<br><br>On the 17th <span class="" id="OBJ_PREFIX_DWT396_com_zimbra_date"><span class="" id="OBJ_PREFIX_DWT397_com_zimbra_date">March 2016</span></span> a
group of Israeli researchers cracked the challenge by crafting a
reliable exploit for the Stagefright vulnerability that emerged in
Android last year.<br>Millions of unpatched Android devices are
vulnerable to their crack, which bypasses Android's security defenses.
Visiting a hacker's webpage is enough to trigger a system compromise.<br>Stagefright
is the name of a software library used by Android to parse videos and
other media; it can be exploited by a booby-trapped message or webpage
to execute malicious code on vulnerable devices.<br><br>Certain mitigations
of the Stagefright bug exist for devices that run unpatched versions of
Android, including disabling the automatic retrieval of MMS messages and
blocking the reception of text messages from unknown senders. However,
these two mitigations are not supported in all MMS applications (the
Google Hangouts app, for example, only supports the former),and they do
not cover all feasible attack vectors that make exploitation of the
Stagefright bug possible by other means, such as by opening or
downloading a malicious multimedia file using the device's web browser.<br><br>Further
mitigation comes from some of the security features built into newer
versions of Android that may help in making exploitation of the
Stagefright bug more difficult; an example is the address space layout
randomization (ASLR) feature that was introduced in Android 4.0 "Ice
Cream Sandwich" and fully enabled in Android 4.1 "Jelly Bean".The latest
version of Android 5.1 "Lollipop" includes patches against the
Stagefright bug.<br><br></div>Cheers,<br><div><div><br><br><br><br><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div><div><div><div dir="ltr"><div><div dir="ltr"><div><div style="font-size:small"><b>WISDOM DONKOR (S/N Eng.)</b><br></div><div style="font-size:small">ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation<br>OGP Working Group Member, Africa OD Working Group Member<br></div><span style="font-size:small">E-government and Open Government Data Platforms Specialist<br></span></div><div><div style="font-size:small"><div>National Information Technology Agency (NITA) <br></div><div>Ghana Open Data Initiative (GODI)</div><div>Post Office Box CT. 2439, Cantonments, Accra, Ghana</div><div>Tel; +233 20 812881</div><div>Email: <a href="mailto:wisdom_dk@hotmail.com" style="color:rgb(17,85,204)" target="_blank">wisdom_dk@hotmail.com</a><br></div><div><a href="mailto:wisdom.donkor@data.gov.gh" style="color:rgb(17,85,204)" target="_blank">wisdom.donkor@data.gov.gh</a><br></div><div><a href="mailto:wisdom.dk@gmail.com" style="color:rgb(17,85,204)" target="_blank">wisdom.dk@gmail.com</a><br></div><div>Skype: wisdom_dk</div><div>facebook: facebook@wisdom_dk<br></div><div>Website: <a href="http://www.nita.gov.gh/" style="color:rgb(17,85,204)" target="_blank">www.nita.gov.gh</a> / <a href="http://www.data.gov.gh/" style="color:rgb(17,85,204)" target="_blank">www.data.gov.gh</a><br></div><div><a href="http://www.isoc.gh/" style="color:rgb(17,85,204)" target="_blank">www.isoc.gh</a> / <a href="http://www.itag.org.gh/" style="color:rgb(17,85,204)" target="_blank">www.itag.org.gh</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div></div>