New Android vulnerabilities put over a billion devices at risk of remote hacking

Newly discovered vulnerabilities in the way Android processes media files can allow attackers to compromise devices by tricking users into visiting maliciously-crafted Web pages.

The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report scheduled to be published Thursday.

The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.

To read this article in full or to leave a comment, please click here