+- PINE64 (https://forum.pine64.org)
+-- Forum: PINE A64(+) (https://forum.pine64.org/forumdisplay.php?fid=4)
+--- Forum: Android on Pine A64(+) (https://forum.pine64.org/forumdisplay.php?fid=5)
+--- Thread: Stagefright Vulnerabilities! (/showthread.php?tid=940)
Stagefright Vulnerabilities! - hyperlogos - 05-04-2016
I ran the Stagefright Detector app against my Android install and I got back vulnerable to CVE-2015-3876, CVE-2015-3864, and CVE-2015-6602. CVE-2015-6602 in particular makes the system vulnerable to malicious MP3 and MP4 files!
Stagefright patches are freely and publicly available. Not applying them is dangerous. Will these vulnerabilities be addressed any time soon?
RE: Stagefright Vulnerabilities! - janjwerner - 05-05-2016
I have patched some bugs in the Longsleep's kernel. I don't know of anyone working on security fixes for Android.
RE: Stagefright Vulnerabilities! - Keex - 05-06-2016
(05-04-2016, 06:01 PM)hyperlogos Wrote: I ran the Stagefright Detector app against my Android install and I got back vulnerable to CVE-2015-3876, CVE-2015-3864, and CVE-2015-6602. CVE-2015-6602 in particular makes the system vulnerable to malicious MP3 and MP4 files!
Stagefright patches are freely and publicly available. Not applying them is dangerous. Will these vulnerabilities be addressed any time soon?
Good find. Do you know if these patches can just be installed, or do they need to be incorporated in the kernel somehow?
RE: Stagefright Vulnerabilities! - tkaiser - 05-06-2016
(05-06-2016, 03:18 AM)Keex Wrote: Do you know if these patches can just be installed, or do they need to be incorporated in the kernel somehow?
The latter.