Even after patch, Stagefright poses threat to Android devices
After a patch for the Stagefright flaw was discovered to be incomplete, leaving Android devices vulnerable to attack, Google has released a new patch to open source, according to a Kaspersky Lab Threatpost.
The four-line code fix offered for CVE-2015-3824 still allowed Android devices to crash. And, even with the patch, attackers would be able to takeover the devices.
The security researcher who created the patch issued by Google, Joshua Drake from Zimperium Mobile Security's zLabs, wrote Threatpost to say that it was his understanding that a number of additional issues have arisen since he discovered the Stagefright vulnerability.
Threatpost also quoted a Google spokesperson as saying that the company has “already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update.”