Η Google φέρεται να έχει επιδιορθώσει ακόμη ένα σφάλμα ασφαλείας που επηρεάζει σχεδόν όλες τις εκδόσεις του Android από την 2.3 έως και την 5.1.1. Σύμφωνα με την εταιρεία ασφαλείας Trend Micro η ευπάθεια θα μπορούσε να χρησιμοποιηθεί για την κατάχρηση της ιδιωτικής ζωής των ιδιοκτητών της συσκευής.
The bug will most likely be fixed in a subsequent Google security update on Appliances nexus.
The bug could allow a hacker to abuse the preletterAndroid Mediaserver to spy on device owners.
It can also add a large list of vulnerabilities resulting from this particular Android feature, which was at the root of one of the seven bugs in the Stagefright media library.
Trend Micro researcher, Wish Wu he stressed yesterday that Google has added a solution to the latest bug, also known as CVE-2015-382, in the code of the Android Open Source Project 1 of August.
Google itself reports the flaw as being of the highest severity.
Unlike Stagefright, which will be exploitable by simply sending one malicious media file on Android devices, in this case an attacker would have to trick their victims into installing a malicious app.
If this is achieved, "the attacker will be able to execute code with the same rights that Mediaserver already has as part of its normal routine," Wu said.
“Since the Mediaserver feature handles many media-related tasks, including taking photos, reading files MP4, and video recording, the victim's privacy may be at immediate risk," he added.
Trend Micro also revealed a minority defect that again affects Mediaserver and could be used to make a device perform endless restarts.
Let's say that Android security no longer inspires any confidence especially from the revelation of Stagefright onwards.
Google has since released bug fixes on August 5, but immediately after admitting that the solution does not completely repair the weaknesses and promised to release another update in September.
