Six critical vulnerabilities have left 95 per cent of Google Android phones open to an attack delivered by a simple multimedia text, a mobile security expert warned today. In some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data. The vulnerabilities are said to be the worst Android flaws ever uncovered.

 Joshua Drake, from Zimperium zLabs, who reported the bugs in April this year, said whilst Google has sent out patches to its partners, he believes most manufacturers have not made fixes available to protect their customers. “All devices should be assumed to be vulnerable,” Drake, vice president of platform research and exploitation at Zimperium, told FORBES. He believes as many as 950 million Android phones could be affected, going on figures suggesting there are just over 1 billion in use. Only Android phones below version 2.2 are not affected, he added.

The weaknesses reside in Stagefright, a media playback tool in Android. They are all “remote code execution” bugs, allowing...

http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/