Another Android vulnerability disclosed: a remote attack can leave users unable to receive calls

ID MYHACK58:62201565317
Type myhack58
Reporter Anonymous
Modified 2015-08-03T00:00:00


This week is a "black week" for Android devices. A few days ago a high-risk vulnerability comparable to Heartbleed was disclosed in the Stagefright media library, and in the past two days security researchers have disclosed another new vulnerability that can remotely leave an Android device unable to handle phone calls properly.

Vulnerability overview

Trend Micro security researchers discovered an integer overflow vulnerability in the mediaserver service on Android devices. It can be triggered remotely and can crash more than 55% of Android phones worldwide, so that even the most basic function of answering a call stops working. Android 4.3 Jelly Bean and all later versions are affected, including Android 5.1.1 Lollipop, so millions of Android users are likely to be exposed to attack.

How is it exploited?

An attacker can exploit this vulnerability in the following two ways:

1. Through a malicious Android app
2. Through a specially constructed website

The easiest way is to lure a vulnerable Android phone to a trap website. If the phone becomes unresponsive through this method, simply restarting it restores normal operation. However, on Wednesday Trend Micro pointed out on their blog that if the phone is attacked through a malicious app, the effects last considerably longer.

A malicious app may be designed to run automatically whenever the phone is turned on. The phone then briefly becomes uncontrollable: it is unresponsive, muted, unable to place calls, unable to answer calls, and so on.

Vulnerability technical details

The vulnerability exists in mediaserver, the service Android phones use to index media files. The security threat arises because the mediaserver service does not correctly handle malformed files. When mediaserver parses an MKV file, an integer overflow occurs; while parsing the audio data, it reads memory outside the buffer or writes data to a NULL address. This causes the service to crash.

Vulnerability details, source code:

    size_t offset = 1;
    size_t len1 = 0;
    // len1 is Xiph-lacing encoded: each 0xff byte adds 255
    while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {
        len1 += 0xff;
        ++offset;
    }
    if (offset >= codecPrivateSize) {
        return ERROR_MALFORMED;
    }
    len1 += codecPrivate[offset++];

    size_t len2 = 0;
    // len2 is decoded the same way
    while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {
        len2 += 0xff;
        ++offset;
    }
    if (offset >= codecPrivateSize) {
        return ERROR_MALFORMED;
    }
    len2 += codecPrivate[offset++];

    // the sum is computed in size_t before it is compared
    if (codecPrivateSize < offset + len1 + len2) {
        return ERROR_MALFORMED;
    }

    if (codecPrivate[offset] != 0x01) {
        return ERROR_MALFORMED;
    }

    meta->setData(kKeyVorbisInfo, 0, &codecPrivate[offset], len1); // crash happens here
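The integer overflow described above, as an added example that is not part of the original article or of the Android source: a length check that sums file-controlled sizes before comparing can wrap, shown next to a subtraction-based check inside a small Xiph-lacing parser. The function names, the use of uint32_t to model size_t in a 32-bit process, and the sample bytes are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* uint32_t models size_t in a 32-bit process (assumption of this example). */
/* Sum-then-compare check: offset + len1 + len2 can wrap modulo 2^32. */
int check_wrapping(uint32_t size, uint32_t offset, uint32_t len1, uint32_t len2) {
    return size >= offset + len1 + len2;   /* 1 = accepted */
}

/* Hardened: compare each length with the bytes that remain, never add. */
int check_safe(uint32_t size, uint32_t offset, uint32_t len1, uint32_t len2) {
    if (offset > size || len1 > size - offset) return 0;
    return len2 <= size - offset - len1;
}

/* One Xiph-laced length: each 0xff adds 255, the first other byte ends it. */
static int read_laced(const uint8_t *p, uint32_t size, uint32_t *off, uint32_t *len) {
    *len = 0;
    while (*off < size && p[*off] == 0xff) {
        if (*len > UINT32_MAX - 2 * 0xff) return -1;   /* refuse to wrap */
        *len += 0xff;
        ++*off;
    }
    if (*off >= size) return -1;
    *len += p[(*off)++];
    return 0;
}

/* Returns 0 and the first header's span, or -1 for malformed input. */
int parse_codec_private(const uint8_t *p, uint32_t size, uint32_t *hdr_off, uint32_t *hdr_len) {
    uint32_t off = 1, len1, len2;
    if (size < 1 || p[0] != 0x02) return -1;        /* lacing count byte */
    if (read_laced(p, size, &off, &len1) || read_laced(p, size, &off, &len2)) return -1;
    if (len1 == 0 || !check_safe(size, off, len1, len2)) return -1;
    if (p[off] != 0x01) return -1;                  /* first header type byte */
    *hdr_off = off; *hdr_len = len1;
    return 0;
}

/* Constructed sample inputs, not taken from any real file. */
const uint8_t GOOD[] = {0x02, 0x03, 0x02, 0x01, 'a', 'b', 'c', 'd'};
const uint8_t SHORT_BUF[] = {0x02, 0xff, 0x10, 0x02, 0x01};

int main(void) {
    uint32_t o = 0, l = 0;
    printf("wrapping=%d safe=%d\n", check_wrapping(64, 3, 0xFFFFFFF0u, 0x20), check_safe(64, 3, 0xFFFFFFF0u, 0x20));
    printf("good=%d short=%d\n", parse_codec_private(GOOD, sizeof GOOD, &o, &l), parse_codec_private(SHORT_BUF, sizeof SHORT_BUF, &o, &l));
    return 0;
}
```

The sum-first check accepts the constructed lengths because the 32-bit total wraps to a small value, while the subtraction-based check rejects them before any pointer is handed on.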