Android Security Flaw: Everything You Need to Know About the Latest Glitch
A security service discovered a new glitch that can render an Android phone dead.
The security flaw, which was found by Trend Micro, affects Android 4.3 (Jelly Bean) up to Android 5.1.1 (Lollipop's current version). When combined, these two operating system versions make up for more than half of Android devices globally.
According to Trend Micro, the bug can make a phone "silent" and "unable to make calls," and with a "lifeless screen." The vulnerability is acquired through a malicious app installed on the device, or through a specially-crafted site on the Web.
The former move can have long-term effects on the smartphone by bringing an app with "an embedded MKV file that registers itself to auto-start whenever the device boots would case the OS to crash every time it is turned on," the news outlet noted.
"The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system)." Trend Micro explained.
Just recently, a report of another bug called "Stagefright" made its rounds online. According to Huffington Post, the glitch can gain access to a mobile device simply through a media message. The latest Android bug, on the other hand, requires interactions with a malicious website or app.
However, the latest vulnerability was deemed as low priority and is not highly dangerous, Huffington Post wrote. Trend Micro said that the glitch was reported privately to Google on May 15, with the company acknowledging on May 20 that the bug is "low priority" and labeled it as ANDROID-21296336.
The problem can be resolved by restarting your device, or by exercising precautions when surfing the Web or downloading apps, Huffington Post noted.
In response to the latest glitch, Google said that the company is working on providing a cure.
"We will provide a fix in a future version of Android," Google's spokeswoman told the news outlet. It's probable that it will be long before the fix reaches devices, given that Android phones come from a diverse lineup of companies, which are not quick when it comes to implementing fixes.
Trend Micro also warned users that Stagefright and the latest glitch are just the beginning.
"Further research into Android -- especially the mediaserver service -- may find other vulnerabilities that could have more serious consequences to users, including remote code execution," Trend Micro wrote.