Like Michael Myers of the Halloween movies, Android’s Stagefright vulnerability keeps coming back. Mobile security company, Zimperium, who also discovered the first Stagefright bug, discovered this version of Stagefright, and confirmed that it can be exploited when Android processes maliciously crafted MP3 audio or MP4 video files. Even just previewing a media file can trigger it. It doesn’t matter how you got the media on your phone either. Even if it was delivered over a VPN or BES, you’re at risk if you play the media on a Web page, or in an IM client, etc.
The end result is that a hacker can run malicious code on the phone.
It’s actually a 2-part bug with the first part affecting almost all phones running Android 1.0 or later., and the second part affecting devices running Android 5.0 and later.
For what it’s worth, Google has released a patch for it. But they also patched all the previous vulnerabilities before, and that didn’t stop this one from happening. So I’m not optimistic about the future security of Android.
If you’re an Android user and you’re concerned about it, then you know what the real fix is: get a BB10 phone. It’s a big reason why #iChooseBB10.