People are hyper-aware of Android vulnerabilities after the recent announcement of the Stagefright exploit, so Trend Micro is taking the opportunity to detail a bug it recently found in Android. It's a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until a reboot.
The vulnerability is exploited using a malformed video file in the Matroska container (usually an MKV file). When the mediaserver tries to process the file, it crashes and will likely take the rest of the system with it. The device won't ring for calls, the screen will probably stop working, and you won't be able to wake it up from sleep mode. The researchers tested this bug in both an app and a webpage with an embedded MKV file.
Trend Micro's blog post asserts that the bug could be used to design ransomware. However, crashing the device and forcing a reset won't offer an opportunity for the attacker to, you know, propose a ransom. Rebooting fixes it anyway, and even novice users will do that if the phone freezes.
Google was alerted to the bug in late May and has thus far not issued a patch (it's listed as low-priority), probably because malware makers won't have much interest in it. Annoying, yes, but this isn't the big deal Trend Micro is making it out to be. Bugs happen, and this one isn't a real security threat.
- Trend Micro