Poor Android users are facing a terrible, horrible, and awful week.
A few days ago, Trend Micro security researchers uncovered an Android crashing vulnerability in the widely used mobile operating system, impacting the majority of Android devices in use.
The report follows another significant Stagefright vulnerability that was revealed by separate researchers, who warned that nearly 950 million Android phones can be hijacked by sending a simple text message or via a malicious Android app or specially crafted web pages.
EXPLOIT TO TRAP ANDROID DEVICES IN ENDLESS REBOOTS
Now, the security researchers have discovered a dangerous security bug in the Android operating system that they claim can "brick" your phone, making it unresponsive and completely useless.
The new vulnerability, CVE-2015-3823, can be exploited by potential hackers to cause your Android device to reboot endlessly, and is similar to the Stagefright bug in that the flaw exists in the 'mediaserver' built-in program.
The vulnerability affects even more Android users. Nearly 90 percent of Android devices running versions 4.0.1 Jelly Bean to 5.1.1 Lollipop are vulnerable to the latest security flaw, affecting 9 out of every 10 active Android devices.
HOW DOES THE ANDROID EXPLOIT WORK?
A hacker can trigger endless reboots in two ways:
- Through a Malicious Android App
- Through a Specially-Crafted Web Site
In either case, the attacker lures victims into playing a malformed media file (.MKV file) using the buggy 'mediaserver' plugin. This causes the mediaserver function to fall into an endless loop beyond the user's control, forcing the Android device to slow down until it reboots… again and again.
"The vulnerability is caused by an integer overflow in parsing MKV files," mobile threat response engineer Wish Wu of Trend Micro wrote in a Monday blog post. This "causes the device to fall into an endless loop when reading video frames."
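The bug class described in that quote, shown as an added example that is not Trend Micro's or Android's code: a frame walker whose length arithmetic wraps around and stops advancing, next to a bounds-checked version. The container layout, function names and sample bytes are constructed for illustration and assume a 32-bit `unsigned int`; this is not the MKV format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy container, NOT the real MKV/EBML layout:
 * each frame = 4-byte little-endian payload length + payload. */
#define HDR 4u
#define STEP_BUDGET 1000 /* lets the weak walker be observed without hanging */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Weak: trusts the length field. pos + HDR + len is computed modulo 2^32,
 * so len = 0xFFFFFFFC leaves pos unchanged and the loop never advances.
 * Returns the frame count, or -1 when the step budget runs out. */
int count_frames_weak(const uint8_t *buf, uint32_t size) {
    uint32_t pos = 0;
    int frames = 0;
    while (pos + HDR <= size) {
        if (frames >= STEP_BUDGET) return -1;
        pos = pos + HDR + rd32(buf + pos);
        frames++;
    }
    return frames;
}

/* Checked: compares the length against the bytes actually left, so the
 * addition cannot wrap and pos grows by at least HDR on every pass.
 * Returns the frame count, or -2 for a malformed length. */
int count_frames_checked(const uint8_t *buf, size_t size) {
    size_t pos = 0;
    int frames = 0;
    while (size - pos >= HDR) {
        uint32_t len = rd32(buf + pos);
        if (len > size - pos - HDR) return -2;
        pos += HDR + (size_t)len;
        frames++;
    }
    return frames;
}

/* Constructed inputs: two valid frames, then one wrapping length field. */
const uint8_t good_file[] = {3,0,0,0,'a','b','c', 1,0,0,0,'d'};
const uint8_t bad_file[]  = {0xFC,0xFF,0xFF,0xFF, 0,0,0,0};

int main(void) {
    printf("weak=%d checked=%d\n", count_frames_weak(bad_file, sizeof bad_file),
           count_frames_checked(bad_file, sizeof bad_file));
    return 0;
}
```

Without the step budget the weak walker would spin on `bad_file` indefinitely, which is the kind of hang a parser needs a forward-progress check to rule out.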
SMALL QUIRK TO GET RID OF THIS FLAW
The firm reported the issue to Google, but the company is not taking it seriously, classifying it as a low-level vulnerability.
Until the official patch is delivered by Google, you can use a simple workaround if this bug hits your device. All you need to do is reboot your device in Safe Mode by holding the power button down and pressing the Power Off option until you see the pop-up box asking you to restart in Safe Mode.
Safe Mode will disable all third-party apps and information, allowing you to continue using your Android devices until a patch is released.