DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 15, 2019 
Main Menu
News archives

Who's Online
There are currently 210 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

950 million Android devices vulnerable to MP4 buffer overflow attack

Posted on Monday, August 17 2015 @ 18:38:23 CEST by

Android logo
Late last month news hit the web about a remote code execution exploit that affected as many as 950 million phones running Google's Android operating system. The attack was called Stagefright, it enabled an attacker to infect a phone via a single MMS message but was supposedly patches by Google and Samsung in early August.

Unfortunately, The Tech Report writes Android devices are still at risk because the patch for the Stagefright security bugs did not fully protect devices. It appears it's still possible to create a buffer overflow and execute code via a malformed MP4 file:
The Exodus blog post walks through the vulnerability. A function in libStagefright reads two values from an MP4 file's header, chunk_size and chunk_type, as 32-bit integers. If the header returns a value of 0x01 for chunk_size, then a 64-bit value is read from the MP4 instead. According to the researchers, if an MP4 is crafted with a chunk size of 0x1fffffff (or any other value outside the bounds of a 32-bit integer), a flaw in the Stagefright patch's boundary-checking code means it's still possible to cause a buffer overflow.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba