The interconnectivity of technology has led to a point where many devices are potentially vulnerable, and in the third quarter, the real world impacts of cyber-attacks became clear. The Stagefright vulnerability affected nearly 95% of all Android devices out there. In total, five different vulnerabilities in media processing in Android were attacked this quarter.
Trend Micro Incorporated announced its security round-up report, Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks , which analyzes the vulnerabilities and repercussions of attacks seen last quarter.
Stagefright22 [CVE-2015-3824], which allows attackers to install malware on affected devices by distributing malicious Multimedia Messaging Service [MMS] messages, reportedly put 94.1% of Android devices [as of this July] at risk. Reports also state that they found a bug that could render Android phones silent and unable to make calls or send text messages23. Reports said more than 50% of Android devices [as of this July] were vulnerable to this flaw. Another critical Mediaserver vulnerability [CVE-2015-382325], which could cause devices to endlessly reboot and allow attackers to remotely run arbitrary code, was also found.
At that time, 89% of Android devices were susceptible to exploitation. CVE-2015-3842, which could allow remote code execution in Mediaserver’s AudioEffect component, also figured in the landscape this August26.
In response to the recent spate of Android vulnerability discoveries, Google finally announced regular security updates for the platform. Trend Micro is yet to see how the platform’s current state of fragmentation will affect this plan. Security patches may not be able make their way to all devices without the support of manufacturers and carriers, rendering them vulnerable to exploitation.
Android’s Mediaserver component, which handles media-related tasks, recently became and is likely to remain an active attack target.
New attacks reiterated existing iOS and Android issues
The discovery of Mediaserver vulnerabilities in Android highlighted the need for a more integrated set of security strategies across Google, manufacturers, and carriers. Modified versions of app-creation tools like Xcode and Unity also dispelled the notion that Apple’s walled garden approach to security can spare iOS from attacks. Attackers continued to take advantage of gaps in security to trail their sights on mobile device users, regardless of platform, thus furthering the already-exponential growth of mobile malware.
Attackers are continuing to set their sights on mobile device users, taking advantage of gaps in security that exist on the iOS and Android platforms. The discovery of vulnerabilities in Android highlighted the need for a more integrated set of security strategies, while modified versions of app creation tools debunked the notion that the iOS walled garden approach to security can spare the platform from attacks.
For the complete report, please visit this link
About Trend Micro
Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Their solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™ infrastructure & are supported by more than 1,200 threat experts around the globe. For more information, visit TrendMicro