Despite the latest patch for the Stagefright vulnerability for Android, the flaw still continues to haunt Google and leaving more than 950 million devices vulnerable. According to the researchers of Exodus Intelligence, the patch released by the search giant to millions of devices could still allow access to Android devices.
Exodus Intelligence said in a post regarding the latest patch for the Stagefright vulnerability for Android:
“The patch is four lines of code and was (presumably) reviewed by Google engineers prior to shipping. The public at large believes the current patch protects them when it in fact does not. We notified Google of the issue on August 7th but have not had a reply to our query regarding their release of an updated fix. Due to this, as well as the following facts, we have decided to notify the public of our findings.”
Normally, 30 days notice is given to the companies by the researchers regarding the security issues. This gives both parties enough time to create a patch for the flaw and share information. In the post, the Exodus Intelligence researchers said that they have decided to forgo the normal 30 days notice because it has been more than 120 days since the original issue was reported by them.
Google said that 90 percent of the Android users are safe due to a security feature called ASLR (address space layout randomization) that makes it difficult for hackers to attack the phone.
Users of Nexus devices will get the latest patch for the Stagefright vulnerability for Android via the monthly update program. The others will have to rely on their operators (Samsung and LG are committed to provide regular updates) or patch manually.