_Zimperium Mobile Security Labs (zLabs)_ has been working hard to make the Android operating system safer and more secure to use.
The Zimperium team has publicly released the CVE-2015-1538 Stagefright exploit, demonstrating how an attacker can achieve Remote Code Execution (RCE).
The released exploit is Python code that creates an MP4 file exploiting the ‘stsc’ vulnerability, dubbed Stagefright.
The purpose of the release is to let penetration testers and security researchers test and check the vulnerability of the code and analyze the results.
Considered the most critical flaw among all the existing vulnerabilities, the Stagefright flaw is capable of revealing a user’s information remotely through injected malicious code, even without any involvement of the user.
Two months ago, Zimperium Labs uncovered multiple vulnerabilities in ‘libstagefright,’ a service that ships with the software-based codecs native to Android smartphones for media playback.
The vulnerability allowed booby-trapped MP4 videos that supplied variables with 64-bit lengths to overflow the buffer and crash the smartphone when it tried to open that multimedia message.
The list of vulnerabilities extends to:
The vulnerability affected Android operating system versions from 2.2 (Froyo) up to versions before 5.1.1_r9 (Lollipop).
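An added example (not from Zimperium or the original article): a defender-side structural check that walks the boxes of an MP4 file and flags length fields that do not fit the data actually present, the class of malformed input described above. It relies on the ISO base media box layout (32-bit size, optional 64-bit size, 12-byte ‘stsc’ entries); the function names and sample files are constructed for illustration, and it is a sanity check, not a detector for CVE-2015-1538 specifically.

```python
import struct

# Boxes whose payload is itself a sequence of boxes (ISO base media file format).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
STSC_ENTRY = 12  # first_chunk, samples_per_chunk, sample_description_index

def scan_boxes(data, start=0, end=None, path=""):
    """Return (box path, problem) pairs for length fields that do not fit the data."""
    end = len(data) if end is None else end
    findings, pos = [], start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", data, pos)
        name, header = path + "/" + kind.decode("latin-1"), 8
        if size == 1 and pos + 16 <= end:   # 64-bit size follows the type field
            (size,) = struct.unpack_from(">Q", data, pos + 8)
            header = 16
        elif size == 0:                     # box extends to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            findings.append((name, "declared size %d does not fit %d available bytes"
                             % (size, end - pos)))
            break                           # offsets past this point cannot be trusted
        body, body_end = pos + header, pos + size
        if kind == b"stsc":
            if body_end - body < 8:         # version/flags + entry_count
                findings.append((name, "too short for entry_count"))
            else:
                (count,) = struct.unpack_from(">I", data, body + 4)
                room = (body_end - body - 8) // STSC_ENTRY
                if count > room:
                    findings.append((name, "entry_count %d but room for %d" % (count, room)))
        elif kind in CONTAINERS:
            findings.extend(scan_boxes(data, body, body_end, name))
        pos = body_end
    return findings

# Constructed sample files (not real media), built only to exercise the checks.
def box(kind, payload):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def sample(entry_count):
    stsc = box(b"stsc", struct.pack(">II", 0, entry_count) + struct.pack(">III", 1, 1, 1))
    for parent in (b"stbl", b"minf", b"mdia", b"trak", b"moov"):
        stsc = box(parent, stsc)
    return box(b"ftyp", b"isom\x00\x00\x00\x00") + stsc

GOOD = sample(1)        # count matches the single entry present
BAD = sample(1000)      # count claims far more entries than the box holds
HUGE = struct.pack(">I4sQ", 1, b"mdat", 2**40) + b"\x00" * 8  # 64-bit size past EOF
```

A media pipeline can run a check like this before handing untrusted files to a decoder and reject anything that returns findings.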
To access the exploit, go to Stagefright_CVE-2015-1538-1_Exploit.py (raw file), which explains the conditions that come with it and everything you need to know.
To learn more, visit the US-CERT/CC advisory, where they posted the details regarding the announcement.