Google Patches Stagefright 2 Android Vulnerability | eWeek
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Google Patches Stagefright 2 Android Vulnerability

Stagefright 2 Android Vulnerability
Written By
Sean Michael Kerner
Sean Michael Kerner
Oct 6, 2015
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Google isn’t wasting any time patching newly announced vulnerabilities in its Android mobile operating system. On Oct. 5, Google released its monthly Nexus update, providing a patch for the Stagefright 2.0 issues that Zimperium zLabs Vice President of Platform Research and Exploitation Joshua Drake first announced on Oct. 1.

Drake disclosed two issues, CVE-2015-3876 and CVE-2015-6602, which Google has patched. In total, the Google Android October update patches 19 different vulnerabilities.

Drake told eWEEK that he reported 10 different issues to Google on Aug. 15. In addition to the CVE-2015-3876 and CVE-2015-6602 vulnerabilities, Google also is patching a third issue that Drake reported; the vulnerability, known as CVE-2015-3875, was also reported to Google by Daniel Micay, a security researcher at Copperhead Security.

“Daniel [Micay] reported it back while everyone was in Vegas; I reported it 10 days later, was told it was duplicate and commended Daniel on his work,” Drake said.

The other seven issues that Drake has reported to Google on Android remain unpatched, although the risk is not quite the same.

“The other issues require more research to determine if they are reachable through any local or remote attack vector,” Drake said. “That is, neither Google nor I have confirmed there’s anything exploitable there—[which is] much different from the CVE-2015-3876 and CVE-2015-6602 cases.”

The patches are now present in the Android Open Source Project (AOSP), and Google Nexus devices are starting to receive updates.

“We hope that other vendors will release Stagefright 2.0 updates soon,” Drake said.

Google’s move to a monthly update cycle for Android patches is partly a reaction to Drake’s original Stagefright research first disclosed in July. Google’s Android Security Chief Adrian Ludwig has pledged to accelerate the pace of security updates to help keep users safe.

It’s a pledge that Drake and Zimperium intend to help validate. “We plan to analyze the speed of updates as a longer-term project and will release the findings to the public when they are ready,” Drake said. “So far, our gut feeling is that OEMs are trying to get updates out faster but have significantly more overhead to deal with than Google/Nexus.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information