Connect with us

Hi, what are you looking for?



Google Patches DoS Vulnerability Affecting Most Android Devices

Researchers at Trend Micro have reported finding a second denial-of-service (DoS) vulnerability in Android’s “mediaserver” component.

Researchers at Trend Micro have reported finding a second denial-of-service (DoS) vulnerability in Android’s “mediaserver” component.

According to the security firm, the affected service is present in Android 4.0.1 Jelly Bean through 5.1.1 Lollipop. As of August 3, roughly 95 percent of Android devices were running vulnerable versions of the operating system. Furthermore, experts noted that devices with customized versions of Android that run the same mediaserver are also impacted.

The vulnerability (CVE-2015-3823) is caused by an integer overflow that is triggered when mediaserver processes a malformed MKV video file. The issue causes affected Android devices to enter an endless loop when reading video frames.

Trend Micro says an attacker can exploit the vulnerability by getting users to install an app or by tricking them into visiting a website. In the first scenario, the attacker gets mediaserver to process a specially crafted MKV file via the app, causing the system to slow down until it reboots or until it has no battery left. In this case, the service continues to loop until system resources or the battery are exhausted even if the malicious app is terminated.

In the second scenario, the malicious MKV file is embedded into an HTML page and the exploit is triggered when the user starts playing the video file.

In a worst case scenario, the attacker can program the malicious app to start at boot, which would cause the device to enter an endless reboot loop, researchers said.

“This endless reboot may render Android devices unusable unless the devices are opened in safe mode and the app is removed,” Wish Wu, mobile threat response engineer at Trend Micro, said in a blog post. “Getting rid of the app is quite problematic. It may be difficult to locate the app once downloaded. Attackers may opt to keep it hidden and silent for a long time and only trigger the attack days or months later. Users may believe it is not installed and attribute the reboots to problems in the Android system.”

Advertisement. Scroll to continue reading.

The security firm says it hasn’t seen any attacks exploiting this vulnerability.

Trend Micro reported the issue on May 19 to the Android security team, which classified it as a “moderate severity” vulnerability two days later.

Google informed Trend Micro of the availability of a fix on July 31. However, due to Android’s fragmented ecosystem and the reliance on device manufacturers and carriers to push security updates, it will take some time until the patch reaches most users. Furthermore, the owners of older devices might never receive the patch.

This is the second Android vulnerability related to the mediaserver component identified by researchers at Trend Micro. Last week, the company announced finding a similar flaw, but Google classified it as “low severity” and it has not been fixed.

Far more serious vulnerabilities related to the handling of video files were discovered by researchers at mobile security firm Zimperium. Experts identified a series of flaws in the Stagefright media library that can be exploited for remote code execution. The security bugs are believed to affect as many as 950 million devices.

What makes these vulnerabilities dangerous is the fact that they can be easily exploited. For example, an attacker can execute arbitrary code on a device simply by sending the targeted user an MMS message with a specially crafted media file.

One of the Stagefright vulnerabilities was reported independently to Google by Trend Micro.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.