Ouch
Friday, October 28th, 2016Sept 2016:
Talking about MMS:
“In Android Nougat, we’ve both hardened and re-architected mediaserver, one of the main system services that processes untrusted input. First, by incorporating integer overflow sanitization, part of Clang’s UndefinedBehaviorSanitizer, we prevent an entire class of vulnerabilities, which comprise the majority of reported libstagefright bugs. As soon as an integer overflow is detected, we shut down the process so an attack is stopped,” Xiaowen Xin of the Android security team said.
Oct 2016:
“The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan.”
…by sending an MMS message to a fully patched Google Nexus 6P (no user interaction required) 🙁 Well, at least the code didn’t go public yet and Google will probably fix it as soon as possible.