Google's Stagefright Patch Doesn't Work

 
Android's code execution vulnerability, which allows hackers to remotely execute code on an Android phone simply by sending a text message to the device, allegedly patched by Google,  is still open.
 
Researchers from Exodus Intelligence report that they are still able to exploit the bug in the Stagefright tool even after the handset has been patched.
 
As if that wasn't bad news enough, another research firm has been able to break the isolation security that prevents one app accessing the information stored in another.
 
It seems very much like Google has lost control of the Android environment when it comes to security. Whilst there is no indication that exploits have been released that use either of these vulnerabilities, the potential impact of the two combined should have all Android users worried.
 
For all its flexibility and power, if Google cannot reassure its customers that Android's security lid is firmly in place, then they will inevitably seek out a platform where it is.

0 comments: