(In)security news: Mozilla Firefox critical update, Android’s Stagefright problem

If you use Firefox, update your browser. Firefox maker Mozilla on Thursday released a fix to a newly found exploit that could be used to steal local files from computers and upload them to a server in Ukraine.

Mozilla said Windows and Linux users were vulnerable, but not users of Macs, or Firefox for Android. Daniel Veditz, of Mozilla’s security team, also said in the blog post that some people running ad blockers might have been protected against the exploit. Still, Mozilla urged all Firefox users to update their browsers to version 39.0.3.

“The exploit leaves no trace it has been run on the local machine,” Veditz wrote. Because of the types of files targeted — developer-focused configuration files — he said Windows and Linux users should change passwords and keys for the targeted programs, which he detailed in the blog post.

In other security news, for Android users:

Heard of the Stagefright bug that can use a multimedia text message to hack into Android devices? There’s an app for detecting whether your Android is among the devices affected. The app comes from Zimperium, the mobile security company that a couple of weeks ago said it discovered Stagefright. It can tell you whether your device is affected, but for a fix, you would still need to wait for your carrier to release an OS update. Phone makers said they’d be rolling out updates this month. (They also said they will start releasing security updates every month.)

It’s unclear how many Android users are affected by Stagefright. Zimperium said it was 950 million users. But at the Black Hat security conference this week, Android engineer Adrian Ludwig disputed that number. From NPR:

While Google agrees this bug is serious, the company disputes how widespread it is. Ludwig says that currently, 90 percent of Android devices have a technology called ASLR enabled, which protects users from the issue.

 

Above: Firefox logo courtesy of Mozilla

 

Tags: , , , , ,

 

Share this Post



 
 
 
 
 
css.php