A serious flaw has been found in Google’s recent fix for the recently-disclosed “Stagefright” security issue in its Android OS.
The issue lets malicious video content crash a phone, and can be triggered by automatic downloading of a video MMS. Google is distributing ad updated software patch to partners, and will update Nexus phones next month.
The Stagefright issue allows a malicious video to access random software code on the device, thus potentially crashing the phone. It cannot easily be used to target specific code, thanks to a security feature built into Android called ASLR. ASLR randomizes the location of code in memory to keep these kinds of exploits from being able to target any specific system code and perform a specific intended action.
