An Update on the Stagefright Vulnerability

What is Stagefright?
Stagefright is a vulnerability in the Android media library that allows attackers to send a multimedia text messages that enable them to steal information off of a device.

How can an attacker use Stagefright?
Using a victim’s phone number, an attacker only has to send the malware-infected multimedia file to a device via MMS.

Who is at risk?
Smartphones and tablets running versions of Android prior to version 4.1 (ICS) are at risk. The introduction of ASLR in Android 4.1 made it significantly more difficult to exploit this vulnerability because a device would need to receive hundreds of messages for this to work.

What can I do to protect myself?
Check Point Mobile Threat Prevention uses a combination of detection mechanisms to protect iOS and Android devices from advanced attacks.  In particular, it uses anomaly detection methods for on-device events to detect and stop various known and zero-day attacks like StageFright.

Check Point IPS blade protects its customers from various Stagefright vulnerabilities with the following IPS protections:

Google Stagefright 3GPP Metadata Buffer Overread (CVE-2015-3826)

Google Stagefright 3GPP Integer Underflow (CVE-2015-3828)

Google Stagefright MP4 Multiple Atoms Integer Underflow (CVE-2015-1539; CVE-2015-3827)

Google Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829)