<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>i.MX ProcessorsのトピックRe: Android vulnerability related with stagefright</title>
    <link>https://community.nxp.com/t5/i-MX-Processors/Android-vulnerability-related-with-stagefright/m-p/420587#M63409</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;will there also be a patch for older versions? Like JB or ICS?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Tue, 18 Aug 2015 11:08:30 GMT</pubDate>
    <dc:creator>matthiasschaff</dc:creator>
    <dc:date>2015-08-18T11:08:30Z</dc:date>
    <item>
      <title>Android vulnerability related with stagefright</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/Android-vulnerability-related-with-stagefright/m-p/420586#M63408</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P style="font-family: arial, helvetica, 'helvetica neue', verdana, sans-serif; color: #51626f;"&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 10pt; font-family: 'courier new', courier; color: black;"&gt;There are several vulnerabilities been found recently as below:&lt;/SPAN&gt;&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 10pt; font-family: 'courier new', courier; color: black;"&gt;ZIMPERIUM’s report:&lt;A class="jive-link-external-small" href="http://jiveon.jivesoftware.com/mpss/c/7gA/PDcDAA/t.1p4/5z0zjG0pTd2TX1EnZDdFDQ/h3/hAMy2Th8Lsdoz-2BI-2B-2B4FlQpxshE-2Fm9XH3UWXhoYdrt6y4Crt0q1GUsW8pizm7YGWnxGc52SR4U4vCgooHeqoe1S9fu9dc4l1m2ew0Kz-2BSCbA-3D" rel="nofollow" style="font-weight: inherit; font-style: inherit; font-size: 13.3333320617676px; font-family: inherit; color: #017bba;"&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 13.3333320617676px; font-family: inherit; color: black;"&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;A href="http://jiveon.jivesoftware.com/mpss/c/7gA/PDcDAA/t.1p4/5z0zjG0pTd2TX1EnZDdFDQ/h3/hAMy2Th8Lsdoz-2BI-2B-2B4FlQpxshE-2Fm9XH3UWXhoYdrt6y4Crt0q1GUsW8pizm7YGWnxGc52SR4U4vCgooHeqoe1S9fu9dc4l1m2ew0Kz-2BSCbA-3D" target="test_blank"&gt;http://jiveon.jivesoftware.com/mpss/c/7gA/PDcDAA/t.1p4/5z0zjG0pTd2TX1EnZDdFDQ/h3/hAMy2Th8Lsdoz-2BI-2B-2B4FlQpxshE-2Fm9XH3UWXhoYdrt6y4Crt0q1GUsW8pizm7YGWnxGc52SR4U4vCgooHeqoe1S9fu9dc4l1m2ew0Kz-2BSCbA-3D&lt;/A&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;SPAN style="color: black; font-weight: inherit; font-size: 10pt; font-family: 'courier new', courier; font-style: inherit;"&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; They are reported as CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829.&lt;/SPAN&gt;&lt;SPAN style="font-family: arial, helvetica, 'helvetica neue', verdana, sans-serif; color: #51626f;"&gt; &lt;/SPAN&gt;&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 10pt; font-family: 'courier new', courier; color: black;"&gt;Trendmicro’s&amp;nbsp; report:&lt;A class="jive-link-external-small" href="http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/" rel="nofollow" style="font-weight: inherit; font-style: inherit; font-size: 13.3333320617676px; font-family: inherit; color: #017bba;"&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 13.3333320617676px; font-family: inherit; color: black;"&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;A href="http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/" target="test_blank"&gt;http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/&lt;/A&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;SPAN style="font-family: arial, helvetica, 'helvetica neue', verdana, sans-serif; color: #51626f; background: white;"&gt; &lt;/SPAN&gt;&lt;SPAN style="color: black; font-weight: inherit; background: white; font-size: 10pt; font-family: 'courier new', courier; font-style: inherit;"&gt;All above vulnerabilities are related with stagefright’s stackoverflow, which exist all android version since JellyBean 4.2. The stagefright is the default Multimedia framework in Android’s AOSP source code.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 10pt; font-family: 'courier new', courier; color: black;"&gt;&lt;BR /&gt;&lt;/SPAN&gt;&lt;SPAN style="color: #000000; font-family: 'courier new', courier; font-size: 13.3333330154419px;"&gt;To avoid attacking toward stagefright, it is recommended to have patches in this attach, which should be applied to myandroid/frameworks/av.&lt;/SPAN&gt;&lt;/P&gt;&lt;P style="min-height: 8pt; padding: 0px;"&gt;&amp;nbsp;&lt;/P&gt;&lt;P style="font-family: arial, helvetica, 'helvetica neue', verdana, sans-serif; color: #51626f;"&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 10pt; font-family: 'courier new', courier; color: black;"&gt;Reference:&lt;/SPAN&gt;&lt;/P&gt;&lt;P style="font-family: arial, helvetica, 'helvetica neue', verdana, sans-serif; color: #51626f;"&gt;&lt;SPAN style="color: black; font-weight: inherit; font-size: 13.3333320617676px; font-family: inherit; font-style: inherit;"&gt;&lt;A class="jive-link-external-small" href="https://github.com/WhisperSystems/TextSecure/issues/3817" rel="nofollow" style="font-weight: inherit; font-style: inherit; font-size: 13.3333320617676px; font-family: inherit; color: #017bba;"&gt;&lt;SPAN style="font-weight: inherit; font-style: inherit; font-size: 13.3333320617676px; font-family: inherit; color: black;"&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;A href="https://github.com/WhisperSystems/TextSecure/issues/3817" target="test_blank"&gt;https://github.com/WhisperSystems/TextSecure/issues/3817&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Original Attachment has been moved to: &lt;A _jive_internal="true" href="https://community.nxp.com/docs/DOC-336704"&gt;kitkat-stagefright-patch.7z.zip&lt;/A&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 07 Aug 2015 07:19:17 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/Android-vulnerability-related-with-stagefright/m-p/420586#M63408</guid>
      <dc:creator>FangHui</dc:creator>
      <dc:date>2015-08-07T07:19:17Z</dc:date>
    </item>
    <item>
      <title>Re: Android vulnerability related with stagefright</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/Android-vulnerability-related-with-stagefright/m-p/420587#M63409</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;will there also be a patch for older versions? Like JB or ICS?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 18 Aug 2015 11:08:30 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/Android-vulnerability-related-with-stagefright/m-p/420587#M63409</guid>
      <dc:creator>matthiasschaff</dc:creator>
      <dc:date>2015-08-18T11:08:30Z</dc:date>
    </item>
  </channel>
</rss>

