The security firm that discovered the Android vulnerability bug called Stagefright has found additional security flaws it has entitled Stagefright 2.0. Handset manufacturers Samsung, Google, LG, HTC, Huawei and Sony are busy preparing security patches for their devices.
Earlier this year, a security flaw known as Stagefright was discovered that could potentially allow hackers to control user's Android handset and steal data. The vulnerability could be triggered by the simple receipt of a text message. Smartphone manufacturers moved to patch the flaw, which affected older Android devices, but many phones are still vulnerable, and now, a new version of the bug has been discovered.
Stagefright 2.0 is a similar security flaw, which occurs when users play certain mp3 audio or mp4 video files on their smartphones. Zimperium, the company that discovered the initial Stagefright, issued the following statement:
"Following our discovery of vulnerabilities in the Stagefright library in April, Zimperium Mobile Threat Protection, zLabs VP of Research Joshua J. Drake continued researching media processing in Android. His continued research, which focused on remote attacks against current devices, led to the discovery of yet another security issue."
The new Stagefright vulnerabilities are twofold, and all Android devices are vulnerable to at least one, not just older devices running older versions of Android's OS, as was the case with Stagefright 1.0.
Zimperium stated that it has already contacted Google, which has already included a patch in its upcoming Nexus security update scheduled for next week. However, what about Android devices from other manufacturers?
Google has already provided patches for the exploit to its partners for phones running Android 4.4 KitKat and above. Devices running the older OS are waiting on the patch from Google, which has not been released.
Several smartphone makers have confirmed the inclusion of the available patch in updates. LG stated: "The update is in the process of being rolled out and this will be included in all new LG smartphones. We will continue to monitor the situation and take the necessary actions required so that LG customers know that their security is our highest priority."
HTC and Huwai have also issued statements that they are in the process of rolling out fixes to affected devices. Sony and Samsung have not specifically addressed the issue yet with regard to their smartphones but have received the available patches from Google.
Meanwhile, users need not panic as the threat is only theoretical so far, and no instances of hackers actually using the exploit have yet been reported.