It seems the storm Stagefright almost subsided. As you may recall, a few months ago it was discovered a terrible vulnerability, which dealt with the major media libraries, and affects almost all Android devices.
Since there were no reports of actual attacks exploiting the hole, but, naturally, it is quite stirred up the industry, causing a rapid reaction of many manufacturers.
Once the threat has passed, Zimperium – the same company that discovered the vulnerability of the original, and now warns of two new bugs that were found in the same Android Stagefright component. According to the official description, the new duo of vulnerabilities can be used with specially created mp3 and mp4-files. The first vulnerability is in libutils function and can threaten almost any version of Android. The second, however, can be even more frightening, as it relates to libstagefright and allows the introduction of malicious code and gain root access on devices running Android 5.0 and above.
However, despite the new vulnerability, a prior security update was not in vain. A hacker can use Stagefright 2.0 through MMS, you will have to use a web-based interface and phishing sites, thus reducing the probability of being hacked.
Also, for security purposes, Zimperium not published documentation on the vulnerability, so that hackers can not take advantage of ready-made solution that will give companies more time to fix the problem.