How Does the Vulnerability Work?
The security flaw is in a mediaserver component called AudioEffect, which uses an unchecked variable that comes from the client, usually an app.
According to a security researcher from Trend Micro, the vulnerability can be exploited by malicious apps.
All a hacker needs to do is convince the victim to install an app that does not ask for «any required permissions, giving them a false sense of security.»
«The checking of the buffer sizes of pReplyData and pCmdData is not correct,» researchers wrote in a blog post published Monday.
«As the mediaserver component uses these buffers… the mediaserver component assumes the buffer sizes of pReplyData and pCmdData are bigger than this size. We can make the buffer size of pReplyData, which is client-supplied, smaller than the size read from the buffer pCmdData. This causes a heap overflow.»
The researchers have also developed a proof-of-concept (PoC) malicious app that exploits the flaw. They tested their app on a Nexus 6 handset running Android 5.1.1 Build LMY47Z.
Once installed on the device, the app crashes Android’s mediaserver component by overflowing the buffer pReplyData in the heap. However, if the mediaserver component does not crash, the PoC app will be closed and run again.
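The size-check failure the researchers describe can be shown in a few lines of C. This is an added example, not code from Android or from the researchers' write-up: the function names, the 4-byte length header and the command layout are assumptions made for illustration, with the missing reply-size check shown beside a hardened handler that rejects the mismatched sizes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (constructed): 4-byte length, then that many payload bytes. */
#define HDR sizeof(uint32_t)

/* Unchecked pattern: trusts the length the client wrote into pCmdData. */
int handle_unchecked(uint32_t cmdSize, const void *pCmdData,
                     uint32_t *replySize, void *pReplyData)
{
    uint32_t n;
    (void)cmdSize;
    memcpy(&n, pCmdData, HDR);
    /* Writes n bytes even if the reply buffer holds fewer: heap overflow. */
    memcpy(pReplyData, (const uint8_t *)pCmdData + HDR, n);
    *replySize = n;
    return 0;
}

/* Hardened form: every client-supplied size is validated before the copy. */
int handle_checked(uint32_t cmdSize, const void *pCmdData,
                   uint32_t *replySize, void *pReplyData)
{
    uint32_t n;
    if (!pCmdData || !pReplyData || !replySize || cmdSize < HDR)
        return -EINVAL;              /* null pointer or no room for header */
    memcpy(&n, pCmdData, HDR);
    if (n > cmdSize - HDR)
        return -EINVAL;              /* claimed length exceeds bytes sent */
    if (n > *replySize)
        return -EINVAL;              /* reply buffer too small */
    memcpy(pReplyData, (const uint8_t *)pCmdData + HDR, n);
    *replySize = n;
    return 0;
}

int main(void)
{
    uint8_t cmd[HDR + 8] = {0};      /* constructed command: claims 8 bytes */
    uint8_t reply[4];                /* reply buffer deliberately smaller */
    uint32_t n = 8, replySize = sizeof(reply);
    memcpy(cmd, &n, HDR);
    int rc = handle_checked(sizeof(cmd), cmd, &replySize, reply);
    printf("checked handler returned %d (rejects, reply untouched)\n", rc);
    return rc == -EINVAL ? 0 : 1;
}
```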
When Can I Expect a Fix?
So far, there isn’t any indication of active attacks against this vulnerability, but researchers said that the flaw could be exploited to provide full control of the target device.
Google has fixed the issue, but given the shaky history of device manufacturers and carriers rolling out patches, it is not known how long the companies will take to update the vulnerable devices.
Taken from: http://thehackernews.com/2015/08/hacking-android-devices.html
Copyright is respected.