Dan on Security
The Latest on Stagefright: CVE-2015-1538 Exploit is Now Available for Testing Purposes | Zimperium Mobile Security Blog
https://blog.zimperium.com/the-latest-on-stagefright-cve-2015-1538-exploit-is-now-available-for-testing-purposes/

More than a month after the discovery of multiple critical vulnerabilities in Android’s media library (libstagefright), several exploits are already in the wild, including one from Zimperium that results in a reverse shell.

What follows is a Python script that generates an MP4 exploiting the ‘stsc’ vulnerability otherwise known as CVE-2015-1538. [...] As detailed in Joshua Drake’s Black Hat and DEFCON presentations, this user has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.
Although this particular exploit does not work on Android 5.0 and later, other exploit developers claim to have successfully managed to bypass ASLR using an information leakage vulnerability in Stagefright.

Tags: android vulnerability stagefright