Another day, another critical Android vulnerability. This time, it might be slightly less serious than Stagefright but still enough to be worrisome. Popular security Trend Mirco came upon this vulnerability in Android’s mediaserver component that, when given a malformed MKV media file, could render the device unresponsive and completely silent, practically locking out the user from his or her device. The one slight good news is that this exploit requires installing a malicious app or visiting a suspicious website, which, sadly, isn’t that hard to get users to do.
Like many vulnerabilities, this one involves overflowing data buffers beyond their secure limits, giving hackers access to restricted parts of a system’s memory and modifying how the system normally works. In this case, this behavior is triggered when mediaserver scans a malformed MKV video file, which it isn’t setup to handle. This makes the service crash and take down the rest of the system with it.
In practice, this means two things. First, no notification or sound can be heard. They can’t even accept a call or hear other parties. The second is that it could make the system slow down to a halt and become unresponsive. If the phone is locked when that happens, there is no way to unlock it.
Unlike Stagefright, this vulnerability requires more action on the part of the user, like visiting a website that autoplays such a video file or installing a malicious app, usually one that masquerades as a legit app. The latter is a more serious case as the app can set itself to autostart, in which case the phone crashes immediately upon boot. History has proven that it isn’t that difficult to convince users to do either action.
Trend Micro has reported the bug to Google in May but says that no patch has been written to fix it. In fact, Google seems to have labeled the vulnerability as low priority. Given that context, plus the fact that updates can take even months to get from Google to OEM to carrier to user, one can expect that this security hole will remain open for some time.
SOURCE: Trend Micro