Dear All,

A new exploit for the vulnerability in android devices named "Stagefright" has been announced.The Stagefright bug was discovered by Joshua Drake from the Zimperium security firm, and was publicly announced for the first time on July 27, 2015. Prior to the announcement, Drake reported the bug to Google in April 2015, which incorporated a related bugfix into its internal source code repositories two days after the report.In July 2015, Evgeny Legerov, a Moscow-based security researcher, announced that he found at least two similar heap overflow zero-day vulnerabilities in the Stagefright library, claiming at the same time that the library has been already exploited for a while. Legerov also confirmed that the vulnerabilities he discovered become unexploitable by applying the patches Drake submitted to Google.

On the 17th March 2016 a group of Israeli researchers cracked the challenge by crafting a reliable exploit for the Stagefright vulnerability that emerged in Android last year.
Millions of unpatched Android devices are vulnerable to their crack, which bypasses Android's security defenses. Visiting a hacker's webpage is enough to trigger a system compromise.
Stagefright is the name of a software library used by Android to parse videos and other media; it can be exploited by a booby-trapped message or webpage to execute malicious code on vulnerable devices.

Certain mitigations of the Stagefright bug exist for devices that run unpatched versions of Android, including disabling the automatic retrieval of MMS messages and blocking the reception of text messages from unknown senders. However, these two mitigations are not supported in all MMS applications (the Google Hangouts app, for example, only supports the former),and they do not cover all feasible attack vectors that make exploitation of the Stagefright bug possible by other means, such as by opening or downloading a malicious multimedia file using the device's web browser.

Further mitigation comes from some of the security features built into newer versions of Android that may help in making exploitation of the Stagefright bug more difficult; an example is the address space layout randomization (ASLR) feature that was introduced in Android 4.0 "Ice Cream Sandwich" and fully enabled in Android 4.1 "Jelly Bean".The latest version of Android 5.1 "Lollipop" includes patches against the Stagefright bug.