Home Security Android Media Framework Flaw Might Get Telephones Hacked By Movies

Android Media Framework Flaw Might Get Telephones Hacked By Movies

by ethhack

Most smartphone customers love to look at harmless movies of infants, pets, and different cute moments. Curiously, the hackers additionally wish to share movies with you. Nevertheless, additionally they want to have your cellphone’s entry in return. Reportedly, hackers may exploit an Android Media Framework flaw to realize entry to your cellphone just by taking part in a malicious video.

Android Media Framework Flaw

A researcher has not too long ago disclosed the exploit for an Android Media Framework flaw. As revealed, a important distant code execution vulnerability (CVE-2019-2107) affected the Android techniques. Exploiting the flaw may let an attacker take management of the system.

To take advantage of the flaw, an attacker may merely ship a maliciously crafted video to the goal system. A German developer, Marcin Kozlowski, has shared a proof-of-concept on GitHub demonstrating the assault. As said by Kozlowski,

With CVE-2019-2107 the decoder/codec runs underneath mediacodec consumer and with correctly “crafted” video (with tiles enabled – ps_pps->i1_tiles_enabled_flag) you’ll be able to presumably do RCE.

Nevertheless, the assault might not work if the video reaches the sufferer’s system through an IM app like WhatsApp. Nor the video would exploit the flaw if reached via Fb Messenger or Twitter, and even performed through YouTube. It’s as a result of these providers usually re-encode media information or compress movies. This, in flip, garbles the malicious code embedded inside the video.

New Android Units Weak

Happily, Google has already patched the vulnerability. It rolled-out the repair with the Android July updates launched earlier this month.

Google deemed this vulnerability as ‘important’ that affected Android variations 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Describing the flaw in Android Media Framework, Google said,

Probably the most extreme of those points is a important safety vulnerability in Media framework that would allow a distant attacker utilizing a specifically crafted file to execute arbitrary code inside the context of a privileged course of.

Whereas the repair is already out, customers should guarantee to maintain their units up to date to keep away from any such assaults because the exploit can be now publicly obtainable. Moreover one ought to be certain to keep away from taking part in movies from untrusted sources to remain protected.

Tell us your ideas within the feedback.

The next two tabs change content material under.
Avatar
Abeerah has been a passionate blogger for a number of years with a specific curiosity in the direction of science and expertise. She is loopy to know every thing in regards to the newest tech developments. Figuring out and writing about cybersecurity, hacking, and spying has at all times enchanted her. When she shouldn’t be writing, what else could be a higher pastime than internet browsing and staying up to date in regards to the tech world! Attain out to me at: [email protected]
Avatar

Source link

Related Articles

Leave a Comment

deneme bonusu veren sitelerbahis casinomakrobetceltabetpinbahispolobetpolobet girişpinbahis girişmakrobet girişpulibet girişmobilbahis girişkolaybet giriş