Android Stagefright vulnerability leaves handsets at risk
Privacy
[SOUND]
A new security flaw in Google's android operating system may effect millions of users according to researchers at mobile security firm, Zimperium.
An attacker could take control of a device and gain access to information on the handset.
The vulnerability is found in Stagefright, Android's media playback tool.
One example of an attack is via text message.
Depending on the messaging app you use, you don't have to open the message for your device to be compromised.
The attacker can send a specially crafted MMS file that is
Automatically being parsed, and then the phone will be infected.
It can also be triggered via other means like a browser.
It can be triggered via Chrome or Firefox, so whenever you go to any website that has this specific vulnerability.
Google was notified of the vulnerability a few months ago.
A Google spokesperson said, The security of Android users is extremely important to us, so we've already responded quickly to this issue by sending the fix for all Android devices to our partners.
Unlike Apple's mobile operating system, IOS, updates to the Android platform are distributed through wireless carriers and phone manufacturers.
It's then up to them to push out updates to users.
So Android users could stop using all messaging apps on their phones, but that's very unlikely.
So, essentially, we need to wait for the patches to come out.
For now, [UNKNOWN] says that it doesn't believe anyone is exploiting the security flaw.
Google also makes it's applications run in something called a sandbox which limits an apps access to anything outside of itself.
The security phone suggests Android users update to the latest version although that doesn't guarantee the patch has been applied.
In San Fransisco Lexy Savvides CNET.
COM for CBS News.
