EDIT You can mitigate the damage this vulnerability does by shutting off auto-loading of MMS messages. This article tells you how to do it.
Originally posted by
bruce_schneier at Stagefright Vulnerability in Android Phones
Originally posted by
![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-syndicated.gif)
The Stagefright vulnerability for Android phones is a bad one. It's exploitable via a text message (details depend on auto downloading of the particular phone), it runs at an elevated privilege (again, the severity depends on the particular phone -- on some phones it's full privilege), and it's trivial to weaponize. Imagine a worm that infects a phone and then immediately sends a copy of itself to everyone on that phone's contact list.
The worst part of this is that it's an Android exploit, so most phones won't be patched anytime soon -- if ever. (The people who discovered the bug alerted Google in April. Google has sent patches to its phone manufacturer partners, but most of them have not sent the patch to Android phone users.)