STAGEFRIGHT Posts on XDA

It is time for Google to fix its Android Security Update Problem

If the largest, richest OEM does a terrible job and gets away with it, how can we expect any better of the rest of them? Samsung makes pretty good phones--great ones, even. They are also one of the few OEMs that actually profit on their device sales, and one of only two to make a sizable...

Director of Android Security: “Stagefright Had No Confirmed Cases of Infection”

Speaking at the RSA security conference in San Francisco, Director of Android Security Adrian Ludwig claimed that despite the Stagefright vulnerability putting more than 95% Android devices at risk, there were no confirmed cases of this bug being exploited in the wild. A similar story existed for the Masterkey vulnerability of 2013. This vulnerability affected potentially...

NorthBit Releases Metaphor Source on Github

NorthBit Advanced Software Research released on Thursday source code related to their Metaphor exploit of Stagefright to the public. Metaphor has been making its run through the news cycle due to the large footprint of devices likely affected. NorthBit estimated the number of affected devices was at least 235 million - those running 5.0 or 5.1....

Samsung Lists Devices To Receive Monthly Security Updates

A while ago, during the height of the Stagefright scare, major manufacturers made promises to provide monthly security patches. Samsung was amongst the ones who promised, and now, the OEM has launched a security focused blog intending to keep users up to date on the security updates that the company pushes out.Starting off, the website...

Unofficial Stagefright Patches For MT6752 & MT6732 Devices

We've previously talked about what Stagefright is, as well as given code demonstrations of Stagefright-like mistakes. Needless to say, such a large-scale vulnerability is considered a rather serious affair. The exploit was a wake-up call for several manufacturers and Google, most of whom woke up and rushed to protect their devices (and its users). But as...

A Demonstration of Stagefright-like Mistakes

Recent weeks have seen huge amounts of media attention on Stagefright, a C++-based component of the Android operating system, responsible for playing various different multimedia files. The Stagefright exploit (itself discussed in more detail in this article) was fundamentally a result of integer buffer overflows and underflows. While our previous article discussed this in a...

Stagefright Explained: The Exploit That Changed Android

One of the strongest points of Android has primarily been its open source nature, which allows for stakeholders to fork, modify and redistribute the OS in a way that suits their particular needs. But this very advantage of being open source acts like a double-edged sword when it comes to the issues of malware and...