Mobile internet security firm Zimperium, which had unearthed the mother of all vulnerability, Android Stagefright bug back in April, has stumbled on another glitch, much severe than the previous one.
Android Stagefright 2.0:
The company calls the new bug as Android Stagefright 2.0, which has the capability to wreck havoc in smartphones just by previewing an mp3 audio file.
How Android Stagefright 2.0 can be triggered?
It is learnt that the bug can be triggered if the Android smartphone user goes to some unauthorised audio file sharing website and wants to listen to the MP3 or MP4 files. The user on pressing the play button will be guided to some other third-party URL link. There, a hacker can convince the unsuspecting user to download the music file riddled with malicious code.
Once the music is placed inside the phone, the hacker can remote access the phone and phish out sensitive data without the user ever getting to know that the device details have been compromised.
Which devices are vulnerable to Android Stagefright 2.0?
Android Stagefright 2.0 can affect Android 5.0 Lollipop and later version running smartphones.
Is Google aware of Android Stagefright 2.0?
Yes, Zimperium informed Google of the issue on 15 August. The search engine giant has responded positively by promptly escalating the bug by assigning the code 'CVE-2015-6602'.
The company says that the fix will be released in the upcoming 'Nexus Security Bulletin', scheduled for next week. But other smartphone brands will have to wait a little longer.
What's the temporary solution for Android Stagefright 2.0?
As of now, there is no actual solution to Android Stagefright, but to wait for software update from the manufacturers.
Until the security patch arrives, users are advised to avoid visiting unauthorised MP3 music websites and resist the temptation of downloading free music/videos.
We also like to remind people to exercise caution while installing third party applications to the smartphone.