We’ve reported on the security flaws that exist on Android devices collectively known as Stagefright, which was first discovered a few months ago. Google has now issued a patch for the Stagefright 2 bugs for its own Nexus devices.
Initially found by security firm, Zimperium, the Stagefright bugs affects leaves 950 million devices worldwide vulnerable to attackers. Stagefright 2 are two additional bugs found by Zimperium just last week that lets attackers crafted MP3 audio or MP4 video files to deliver and execute malicious code on almost every Android device from version 1.0 and above. In some cases, malicious code can be executed remotely without the user ever knowing.
According to Google’s October Nexus Security Bulletin, the company has patched the Stagefright 2 bugs for its own Nexus devices through an over-the-air update. Google is still working on fixing the rest of the Stagefright vulnerabilities as well as patches for other Android handsets.
In the meantime, users should exercise caution when visiting unknown websites on their Android devices and apply the latest Android OS updates as soon as they are available.