The Stagefright bug is not new to Android. It was first discovered back in July. But it appears to have become particularly vulnerable, capable now of directly affecting audio files on Android devices.
Zimperium, the research company that discovered the bug in late July, said Stagefright now allows hackers to silently integrate malicious audio files, either in MP3 or MP4 format, into Android devices. The vulnerability is claimed to affect "almost every Android device", even the ones that run on Android 5.0 (Lollipop) or Android 6.0 (Marshmallow), the latest versions of Google's operating system.
The new version of the Stagefright bug can spread the virus on an Android device the moment a user previews the affected audio file on a web page. It can also be deployed through a public Wi-Fi network.
Zimperium's founder and chief technology officer Zuk Avraham, said it would affect over 1.4 billion Android users. This is far bigger than the 950 million users that were vulnerable in 2014.
Google has acknowledged the vulnerability and is working on a patch that will be rolled out to the Nexus series smartphones as early as on 5 October. The patch will be available to major manufacturers of Android devices to fix the bug on 10 October. Motorola, a key maker of Android devices, has confirmed the arrival of a Stagefright bug fix and is in development to release a software update.