Google has pushed out another fix for the Stagefright vulnerability, as the previous one was unable to fix the issue. The Stagefright vulnerability leaves hundreds of millions of Android devices in danger.
Over-the-air update for Nexus
On Thursday, Google said the latest fix has been sent to its partners. The Nexus line of devices, including the 4, 5, 6, 7, 9, 10, and the Nexus Player, will get an over-the-air update in September.
Joshua Drake of Zimperium, a mobile security firm, was the first to locate the Stagefright defect. The vulnerability can be exploited with a specially crafted multimedia message (MMS), so an attacker just needs the victim’s phone number. Google sent out the first patch last week in an attempt to fix it.
A researcher with another security firm, Exodus Intelligence, claimed that the first patch to fix Stagefright was not foolproof as the malicious MP4 file he designed could still evade the fix. The security firm informed Google of this on Aug. 7 but did not get a response, so it decided to make the flaw public, Exodus Vice President Aaron Portnoy said in a blog post. Later, Google acknowledged Exodus’ report. Such behavior was very unlikely from a company like Google, which has a big security staff, said Portnoy.
“If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?” Portnoy said, adding that he was surprised the Internet firm was not able to fix the issue with the first patch.
Google promises regular updates
After millions of devices were left vulnerable by Stagefright, Google said at the Black Hat security conference earlier this month that it would release security patches for Android devices on a monthly basis. Other major tech firms, including Oracle, Adobe Systems and Microsoft, have been issuing regular security patches for years now.
When it comes to mobile devices, operators play a vital role in distributing patches, says a report from PC World. Google has been sending patches to mobile operators for the last three years, but it is up to the operators to forward the patches to their users. Major Android backers such as Samsung and LG are working with carrier partners to distribute the monthly patches.