Exploit Submitted to Google on May 15th Still Unpatched – Trend Micro Releases Details

On May 15, 2015 Trend Micro submitted an exploit to Google that was then classified by Google as a low priority vulnerability.  The exploit remains unpatched and Trend Micro released the following details earlier today.

The exploit targets Android devices running Jellybean v4.3 up to Lollipop v5.1.1.  The exploit relies on the end user either installing and running an app or by visiting a website with a malformed media file, generally in the MKV format.  The exploit causes the device to go into a “silent mode” and then lock up thus becoming unresponsive but a reboot of the device will restore things back to normal operations.

In practice it makes sense that Google would classify this as a low priority but given the recent news about other Android exploits this is seeing a lot more limelight than it probably deserves.


Source Link: http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/