Security researchers at Trend Micro have exposed another flaw in the Android’s mediaserver component. It could be remotely exploited to install malware onto a target device by sending a specially crafted multimedia message.
The vulnerability (CVE-2015-3842) affects almost all versions of Android devices with the potential of putting hundreds of millions of devices open to hackers.
The security flaw involves a mediaserver component called AudioEffect. It uses an unchecked variable that comes from the client, normally an app. The vulnerability can be exploited by malicious apps, according to a Trend Micro security researcher.
All a hacker would need to do is convince their victim to install an app that doesn’t ask for “any required permissions, giving them a false sense of security.”
View full story