Google will be rolling out a security update for the Stagefright vulnerability, a critical security bug which was highlighted earlier this week, for its Nexus devices starting next week.
To recall, cyber-security firm Zimperium on Monday warned of a flaw in the world's most popular smartphone operating system that let hackers take control of Android smartphones with an MMS message. According to the report, attackers could remotely execute code via a specially crafted media file delivered via an MMS message to the customer's Android handset. The bug can affect the device even if the message has not been opened. The malicious codes would let them take control of the device without the owner's knowledge.
However, Google has now promised for a fix, meant for the company's own Nexus devices. Google also says it has already provided a fix to partners for them to roll out fixes for their devices, and will be releasing the additional safeguards it is rolling out for Nexus devices in open source. A company spokesperson is quoted by Android Police to say, this vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users [..] As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we'll be releasing it in open source when the details are made public by the researcher at BlackHat." The Black Hat computer security conference will be taking place in Las Vegas early in August.
While the Nexus handsets would receive the fix, it still leaves majority of the Android-powered smartphones exposed to the vulnerability. It is worth mentioning that CyanogenMod has already started issuing patches for the Stagefright bug to its users. The Stagefright flaw imperils some 95 percent, or an estimated 950 million Android phones, according to Zimperium.