Ouch

Sept 2016:

Talking about MMS:
“In Android Nougat, we’ve both hardened and re-architected mediaserver, one of the main system services that processes untrusted input. First, by incorporating integer overflow sanitization, part of Clang’s UndefinedBehaviorSanitizer, we prevent an entire class of vulnerabilities, which comprise the majority of reported libstagefright bugs. As soon as an integer overflow is detected, we shut down the process so an attack is stopped,” Xiaowen Xin of the Android security team said.

Oct 2016:

“The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan.”

…by sending an MMS message to a fully patched Google Nexus 6P (no user interaction required) 🙁 Well, at least the code didn’t go public yet and Google will probably fix it as soon as possible.

Leave a Reply


Fatal error: Uncaught Error: Call to undefined function wp_grins() in D:\Abyss Web Server\htdocs\wp-content\themes\green\comments.php:92 Stack trace: #0 D:\Abyss Web Server\htdocs\wp-includes\comment-template.php(1535): require() #1 D:\Abyss Web Server\htdocs\wp-content\themes\green\single.php(55): comments_template() #2 D:\Abyss Web Server\htdocs\wp-includes\template-loader.php(106): include('D:\\Abyss Web Se...') #3 D:\Abyss Web Server\htdocs\wp-blog-header.php(19): require_once('D:\\Abyss Web Se...') #4 D:\Abyss Web Server\htdocs\index.php(17): require('D:\\Abyss Web Se...') #5 {main} thrown in D:\Abyss Web Server\htdocs\wp-content\themes\green\comments.php on line 92