Attention Android users!





More than 1 Billion Android devices are vulnerable to hackers once again – Thanks to newly disclosed two new Android Stagefright vulnerabilities .





Yes, Android Stagefright bug is Back…





…and this time, the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.

Stagefright bug that allowed hackers to hijack Android smartphones with just a simple text message (exploit code). In July, Joshua Drake, a Security researcher at Zimperium revealed the first that allowed hackers towith just a simple text message ().





How Stagefright Bug 2.0 Works





CVE-2015-6602 and CVE-2015-3876) also reside in the Android Media Playback Engine called 'Stagefright' and affects all Android OS version from 1 to latest release 5.1.1. Both newly discovered vulnerabilities (and) also reside in the Android Media Playback Engine called '' and affects all Android OS version from 1 to latest release 5.1.1.





Reportedly, merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit, allowing hackers to run remote codes on the victim's Android device.





New Stagefright Attack Vectors





The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:

Webpage

Man-in-the-middle attack

Third-party media player

Instant messaging apps

"Additionally, the attacker gains a foothold, from which they could conduct further local privilege escalation attacks and take complete control of the device," Zimperium said.

Google has scheduled monthly Android Security Update on 5th October 2015, which will patch newly discovered vulnerabilities for Nexus devices.





Google has already shared vulnerability report and patches with OEM Partners on Sept. 10. So you might be receiving patches soon from your Android device manufacturer.





Zimperium reported the flaws to Google on Aug. 15. The firm also plans to release technical details and proof-of-concept exploit code once a fix is released.





Stay Tuned to The Hacker News Facebook Page for more updates.