- Zimperium Mobile Security announced on Monday, 27 July 2015 that VP of Platform Research and Exploitation, Joshua J. Drake (@jduck) found a vulnerability in the Android's core component Strangefright. The issue is supposed to affect 95% of Android phones
- "Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep".
- Zimperium reported the issue to Google that acted promptly and applied the patches to internal code branches within 48 hours. However the Android distribution/licensing model will make the update not immediately available to end users.
- Devices older than 18 months are unlikely to receive an update at all.
- More info on the Zimperium's blog
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.
I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.