1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Android's media processing service sees another serious vulnerability

Discussion in 'CSO' started by RSS, Aug 18, 2015.

  1. RSS

    RSS New Member Member

    The Android service that processes multimedia files has been the source of several vulnerabilities recently, including a new one that could give rogue applications access to sensitive permissions.

    The latest vulnerability in Android's mediaserver component was discovered by security researchers from antivirus firm Trend Micro and stems from a feature called AudioEffect.

    MORE ON CSO:Mobile Security Survival Guide

    The implementation of this feature does not properly check some buffer sizes that are supplied by clients, like media player applications. Therefore it is possible to craft a rogue application without any special permissions that could exploit the flaw to trigger a heap overflow, the Trend Micro researchers said Monday in a blog post.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page