In a mobile “OSes” Google found the second week a critical vulnerability. It allows hackers to place the device, in fact, in a vegetative state. Having caught, Android-smartphone becomes silent and stop responding to user commands.
According to experts from the company Trend Micro, “hole” is contained in a component that is responsible for processing a multimedia container Matroska (MKV). Attackers can exploit this vulnerability in two ways: through an application with malicious code placed in a distorted MKV-file or Web page, which is built specially crafted MKV-video.
“The first method may cause long-term consequences for the device : an application with built-in MKV-file runs automatically, resulting in a ‘flight’ operating system each time the device is switched on, “- said the expert. On Android-smartphone, turn off all sounds and ringtones, and calls can not be accepted or rejected. Moreover, if the device is locked, it is impossible to unlock.
The effects caused by infection through the Web page, reversible: to restore the gadget to its normal state, it must be restarted. According to experts, the vulnerability affects all versions of Android since 4.3 (Jelly Bean), including the newest, 5.1.1 (Lollipop). According to statistics from Google Play in June, is more than half of all Android-devices in the world.
A few days ago in the Android found another “extremely dangerous” mistake, which is subject to a billion gadgets. It allows attackers to gain control over the device by sending a “bad” MMS-message with an attached image or melody. At the same time the victim is not required to take any action – the user only has to read “ememesku” to catch.
Source: blog Trend Micro