Google Needs to Fix Stagefright Vulnerability

Google has not been able to for some reason address its vulnerability issues when it comes to Stagefright as yet. Despite rolling out patches and security updates, the problems continue for even Nexus users who thought they had seen the last of them.

Nexus patch related flaw irking users

Indeed, researchers have identified issues of a serious nature dogging the patches that were rolled out on Nexus gadgets. The main problem seems to be the inability of the app to detect flaws that are persisting even after the patch administration. Despite this being made known to Google, the OTA updates are continuing and making matters worse as per Exodus Intelligence, which sounded Google about the issue. Readers will recall that this media player named Stagefright had a huge user base of over 950 million and over 90% of Android devices were thought to be using it. However, there was always the feeling of vulnerability due to its open source nature and that appears to have fructified.

4 line patch codes not sufficient

To be fair to Google, they have moved quickly and applied patches once they received the initial bug reports. But now the feeling is maybe the 4 lines of code of the CVE – 2015 – 3824 are not proving to be sufficient to tackle the issue and when the Nexus 5 was tested with this updated firmware, it crashed. The company which tested this had to make the results public and Google in turn also confirmed the same to The Verge, along with the confirmation they are sending out another patch soon. The company was able to trigger off the fault that is affecting more than 900 million Android devices across the globe. The second patch is expected to come out during September. There is no news as yet about when other devices will receive the patch updates. It was only a couple of weeks back that both Samsung and Google announced they would be coming out with security patches on a monthly basis for their devices. This was supposed to cover LG as well as Motorola.

Access to Android gadgets still possible

With the patch failing, it is still possible to access Android gadgets and though all these have protection in the form of ASLR, Google would not like to take any chances. They would want to fix the issue at the earliest and hence the announcement of a second patch in September. For gadgets outside of the Nexus range, it is still a wait and watch situation. The short time period given by Exodus has not helped the cause as normally researchers do provide a month’s notice regarding security issues. That gives adequate time for both parties to prepare a patch and share data on how it is working. Google therefore has to act quickly and effectively through its September patch for Nexus and would have to ensure the other devices too do not suffer.