Du vil i hvert fald blive populær ;)

Ser ud til at minimum én af de officielle patches ikke leverer varen. Og der er udsigt til flere sårbarheder i Stagefright.

Citer:Stagefright Patch Incomplete and............

A patch distributed by Google for the infamous Stagefright vulnerability found in 950 million Android devices is incomplete and users remain exposed to simple attacks targeting the flaw. Researchers at Exodus Intelligence discovered the issue in one of the patches submitted by Zimperium zLabs researcher Joshua Drake.

http://slashdot.org/story/298085

Original Exodus Blog-Post:
http://blog.exodusintel.com/2015/08/13/s...omplished/

Nu er der kommet PoC-script til at afprøve denne exploit, går selv igang med det samme - men ville da lige opdatere jer som ikke har set det :)
Sauce
PoC - python

Så det også lige på v2.
Nu mangler vi bare, at de resterende researchers udgiver deres infoleaks, så det bliver rigtig alvor.
Tester dog også i aften for en sikkerheds skyld.

Det er absolut ikke slut endnu.

Citer:Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to vulnerability in libutils. We plan to share CVE information for the second vulnerability as soon as it is available.

https://blog.zimperium.com/zimperium-zla...mp4-media/

MP3 os nu? Damn nu bliver der farligt for dem!