We reported on a newly discovered Android security vulnerability yesterday, hackers can gain access by simply sending a MMS message to the target’s device and it doesn’t even matter if that message is opened or not, Android’s default media handling system would automatically process the message and activate the code. Naturally this has raised security concerns and Google has now come out with a statement on the matter, it promises a fix for this flaw by next week.
The vulnerability is called Stagefright and it exploits how the Hangouts app automatically process incoming video so that it’s ready for the user in the gallery. Hackers can put malicious code inside the video and since it will be automatically processed by the device it doesn’t even matter if the message was opened or not.
Google has actually been aware of Stagefright since April and has been working on patches to address the issue. In a statement released today the company says that as far as it knows no one has been affected because when it came to know about this vulnerability it immediately sent a fix to carrier partners to protect users.
It’s going to release further safeguards for Nexus devices in a scheduled security update next week but that would still leave hundreds of millions of Android devices without this particular fix, Google will presumably share it with other device makers to ensure that all Android users are protected against any attacks that might try to exploit the Stagefright vulnerability.