Security flaws are one of those things that Android users have unfortunately grown accustomed to, but the recent vulnerability known as Stagefright has taken things to an entirely different level. This vulnerability affects the vast majority of Android devices out there at the moment and allows hackers to hijack our device with a single message. To make matters worse, the “biggest software update the world has ever seen” that Google released to fix the vulnerability is not only easy to bypass, the update itself is vulnerable.
This is hardly a surprise. Google tried updating every Android phone on the planet to fix a vulnerability that let hackers take over devices with a single text message. Now, security researchers say that the patch itself is vulnerable. Talk about stage fright! The original vulnerability is called Stagefright. Get it? And now it’s afraid to work? This fairly scary weakness would allow hackers to embed malware in videos that could be sent to an Android device and, thanks to an Android feature, would automatically play when the user opened the Hangouts app. Since the flaw affected the operating system itself, up to a billion devices were in danger, prompting Google to release the “biggest software update the world has ever seen.” But even fixes can have flaws. Exodus Intelligence now reports that they’ve been able to bypass the patch and can still exploit the Stagefright flaw. The security company says that Google’s fix is giving people a “false sense of security.” For it’s part, Google says that 90-percent of Android users are safe thanks to a security feature called address space layout randomization (ASLR) that makes it more difficult for hackers to mount the attack.