Connect with us

Hi, what are you looking for?



Android Stagefright Exploit Released

Enterprise mobile security firm Zimperium has published an exploit for one of the most critical Android Stagefright vulnerabilities disclosed this summer.

Enterprise mobile security firm Zimperium has published an exploit for one of the most critical Android Stagefright vulnerabilities disclosed this summer.

The existence of several serious vulnerabilities in Android’s libstagefright media library was brought to light in July by Zimperium. Experts initially estimated that the vulnerabilities, which affect all Android versions since 2.2, impacted roughly 950 million devices.

After the security firm’s initial disclosure of the bugs, several other researchers reported uncovering libstagefright and other mediaserver flaws.

The list of CVE identifiers assigned to Stagefright vulnerabilities includes CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3864 and CVE-2015-3829.

Google and other affected vendors released patches and Zimperium published a Stagefright detector app to help Android users determine if their devices are vulnerable.

The security firm announced on Wednesday that it has released a proof-of-concept exploit designed to show that CVE-2015-1538 can be exploited for remote code execution without user interaction. The exploit, available as a Python script, can be used by administrators, security teams and pentesters to determine if systems remain vulnerable or not, Zimperium said.

“This is one of the most critical vulnerabilities we reported in the Stagefright library. The expected result of the exploit is a reverse shell as the media user,” Zimperium explained in a blog post. “As detailed in Joshua Drake’s Black Hat and DEFCON presentations, this user has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.”

Advertisement. Scroll to continue reading.

The company has pointed out that the exploit has only been tested on a Nexus device running Android 4.0.4 and it’s not 100 percent reliable by itself.

Shortly after the existence of the Stagefright vulnerabilities came to light, Google announced its intention to release monthly security updates for its Nexus devices. The August updates addressed many of the Stagefright flaws, but researchers soon discovered that the patch for CVE-2015-3824 was flawed.

Google has assigned CVE-2015-3864 to the new issue, which the company is expected to fix with the next round of updates.

The Stagefright vulnerabilities have had a negative impact on the already bad security reputation of the Android ecosystem. That is why several device vendors, including Samsung, LG and Motorola, have promised to step up their game and release regular security updates to ensure that users are protected.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.