A potential hacker could compromise Android devices by tricking users into visiting maliciously-crafted Web pages.
The bugs affect more than one billion Android devices in circulation as of today.
Google has been messy with the patches for Stagefright and as of now only Nexus smartphones/tablets have been patched.
An attacker would use a specially crafted MP3 or MP4 file in this case to exploit the vulnerabilities.
Its a library that was written very badly, Avraham said of Stagefright.
The library itself is pretty vulnerable; it has a lot of code mistakes.
The media processing is not as safe as it should be.
One of the vulnerabilities which is found in the core Android library calledlibutilshas been assigned CVE-2015-6602.
The libstagefright issue affects apps that utilize Androids multimedia APIs, which call into the library.
Googles statement is given below :
As announced in August, Android is using a monthly security update process.
source: www.techworm.net
