Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google Patches DoS Vulnerability Affecting Most Android Devices

Researchers at Trend Micro have reported finding a second denial-of-service (DoS) vulnerability in Android’s “mediaserver” component.

Researchers at Trend Micro have reported finding a second denial-of-service (DoS) vulnerability in Android’s “mediaserver” component.

According to the security firm, the affected service is present in Android 4.0.1 Jelly Bean through 5.1.1 Lollipop. As of August 3, roughly 95 percent of Android devices were running vulnerable versions of the operating system. Furthermore, experts noted that devices with customized versions of Android that run the same mediaserver are also impacted.

The vulnerability (CVE-2015-3823) is caused by an integer overflow that is triggered when mediaserver processes a malformed MKV video file. The issue causes affected Android devices to enter an endless loop when reading video frames.

Trend Micro says an attacker can exploit the vulnerability by getting users to install an app or by tricking them into visiting a website. In the first scenario, the attacker gets mediaserver to process a specially crafted MKV file via the app, causing the system to slow down until it reboots or until it has no battery left. In this case, the service continues to loop until system resources or the battery are exhausted even if the malicious app is terminated.

In the second scenario, the malicious MKV file is embedded into an HTML page and the exploit is triggered when the user starts playing the video file.

In a worst case scenario, the attacker can program the malicious app to start at boot, which would cause the device to enter an endless reboot loop, researchers said.

Advertisement. Scroll to continue reading.

“This endless reboot may render Android devices unusable unless the devices are opened in safe mode and the app is removed,” Wish Wu, mobile threat response engineer at Trend Micro, said in a blog post. “Getting rid of the app is quite problematic. It may be difficult to locate the app once downloaded. Attackers may opt to keep it hidden and silent for a long time and only trigger the attack days or months later. Users may believe it is not installed and attribute the reboots to problems in the Android system.”

The security firm says it hasn’t seen any attacks exploiting this vulnerability.

Trend Micro reported the issue on May 19 to the Android security team, which classified it as a “moderate severity” vulnerability two days later.

Google informed Trend Micro of the availability of a fix on July 31. However, due to Android’s fragmented ecosystem and the reliance on device manufacturers and carriers to push security updates, it will take some time until the patch reaches most users. Furthermore, the owners of older devices might never receive the patch.

This is the second Android vulnerability related to the mediaserver component identified by researchers at Trend Micro. Last week, the company announced finding a similar flaw, but Google classified it as “low severity” and it has not been fixed.

Far more serious vulnerabilities related to the handling of video files were discovered by researchers at mobile security firm Zimperium. Experts identified a series of flaws in the Stagefright media library that can be exploited for remote code execution. The security bugs are believed to affect as many as 950 million devices.

What makes these vulnerabilities dangerous is the fact that they can be easily exploited. For example, an attacker can execute arbitrary code on a device simply by sending the targeted user an MMS message with a specially crafted media file.

One of the Stagefright vulnerabilities was reported independently to Google by Trend Micro.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

F5 has appointed Cathy Peterman as Chief People Officer.

Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.

CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.