Stagefright Exploit Has Public Release

c849714_mZimperium attempts to light fire a under the Google Security Division.

Does Stagefright sound familiar? Back in April, mobile security firm Zimperium (based in San Francisco and Tel Aviv) released a statement showing they found a flaw/exploit in the Google Android operating system. Zimperium shared their findings and data with Google at that time and strongly encouraged them to release security patches to fix the exploit.

Four months later, there have been very little to no patches released to resolve the vulnerability in the Android operating system.

So, in an attempt to light a fire under Google’s Security Division to get patches released, Zimperium has publicly released the Stagefright code. While Zimperium is saying the release is for “testing purposes,” the move has put most Android devices at risk.

Android version 4.1 (also known as Jelly Bean) and newer are less vulnerable because of the way the operating system divides the application data. Version 5.0 (or Lollipop) is mostly immune to the exploit. According to Google Play, about 8% of Android devices that access the Google Play store are running OS versions older than Jelly Bean — but that does not take into consideration the thousands of devices such as Kindle Fires that do not access Google branded or themed apps.

Only time will tell if this risky move will put some giddy-up in Google’s security team to fix the Stagefright exploit or not. However, we suggest you don’t hold your breath.

(Image Source: iCLIPART)