Previously we only had to worry about the number of vulnerabiltities
Now, we have to be concerned about the number of hosts that are affected and the level of expertise and awareness of the users.
From the article:
Stagefright is an over-privileged application with system access on some devices, which enables privileges similar to apps with root access. Stagefright is used to process a number of common media formats, and it’s implemented in native C++ code, making it simpler to exploit.
“That process, you would think, would be sandboxed and locked down as much as it could because it’s processing dangerous, risky code, but it actually has access to the Internet,” Drake said. “Android has a group enforcement where it allows [Stagefright] to connect to the Internet. This service is on all Android devices. I’d rather not have a service that’s doing risky processing have Internet access.”
For More Info:
No comments:
Post a Comment