After the Stagefright flaw, it seemed that Android would be safe for some time from large-scale vulnerabilities. But a new hole has been discovered, and again it allows remote control of your mobile device.
The flaw this time is identified by Trend Micro as CVE-2019-3842. It is in AudioEffect, a component of Android's mediaserver, which relies on an unchecked variable supplied by a third party, usually an app. This means that programs that are actually spyware can bypass device security.
The file involved is EffectBundle.cpp, and the flaw gives an attacker a number of possibilities related to mediaserver routines. Without the user's authorization, the device can take photos, read MP4 files and record videos, among other activities. It may seem minor, but it means that your privacy is totally compromised.
Who is in danger?
The AudioEffect issue has been detected on Android devices from version 2.3 (Gingerbread) to one of the latest, 5.1.1 (Lollipop). Not even custom versions are free of the flaw unless mediaserver has been modified to be better protected.
Fortunately, no attacks using the flaw have been detected so far, and Google is already aware of the problem, so much so that an update that fixes the flaw has already been published on the Android Open Source Project page.
Because the upgrade depends not only on Google but also on device manufacturers and even the operating system version, some users may be slow to receive the security fix. The advice here is to always keep your device up to date, and preferably not to use Android apps and Android versions that are no longer supported.