After offering a patch to Android partners, Google said Tuesday it’s working on a Stagefright fix for Nexus devices that should be ready next week.
Stagefright is probably the worst vulnerability ever discovered in Android. It can infect your device through an MMS message and allow a third-party to monitor your activity without your knowledge.
Google already sent patches out to hardware partners and emphasized Android’s sandboxing technologies could prevent a catastrophe if your device is infected.
A Google spokesperson gave the following statement to Android Police:
This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users.
As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we’ll be releasing it in open source when the details are made public by the researcher at BlackHat.
The story behind the story: The security firm Zimperium Labs discovered the bug in April and reported it to Google, offering them the industry standard 120-day window of secrecy.
Despite creating a fix, this must be siphoned through the long tube of Android updates. Manufacturers must apply it to their custom Android version. Then carriers must approve and send out the update.
This illustrates one of the major problems with Android’s fragmentation. Hopefully, Stagefright will help the industry recognize there’s more at stake to timely Android updates than missing the latest features. It’s created an unsustainable structure to keeping the ecosystem secure.
This story, "Google pledges a speedy Stagefright security fix for Nexus devices" was originally published by Greenbot.