The first is the Stagefright exploit (really a cluster of vulnerabilities in Android's media playback library), which is reportedly worse than the Heartbleed vulnerability. It can allow remote code execution from an MMS message, or from nothing more than viewing a specially crafted video on a malicious web page with embedded video content. The vulnerability is well explained here, and here.
There's a fix out for that; you can check whether your phone is affected, and fix it, with the app described here.
Now, two Israeli researchers (Bobrov and Bashan) have found another problem, this one in how remote-support apps interact with the tools that OEMs preinstall on Android phones so that the devices can be repaired and supported remotely.
“Coming back to how the exploit actually works, we need to understand how mSRTs work. Given that their functionality consists of particularly invasive and powerful abilities, these apps need special permissions and need to be signed by the OEM itself. As such, the tool is divided into two parts: the actual app that you see and interact with and a backend plugin that provides all these permissions. When the app requires special privileges, it connects to the plugin and is given the necessary permissions. Even phones that do not have the app installed might contain the plugin.
In order to verify that the app sending the requests to the plugin and asking for these special permissions is the official mSRT app, vendors create their own authentication tools on top of Android's Binder, which has no certification process of its own. And, that's where the problem comes in. By using this duality, the researchers were able to exploit the plugin's god-like powers and gain total access to the device, in some cases with just a text message.” – Neowin
In other words, the mSRT becomes an mRAT (a mobile remote access trojan). You can read more about it here, or here.
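To make the quoted architecture concrete, here is an added example of the check a privileged "plugin" service should do before honouring a request over Binder. This is illustrative code written for this post, not code from any vendor's mSRT or from the researchers; the page does not describe the specific checks the vendors implemented, so the weak variant below is the generic mistake (trusting an identity string the caller supplies) rather than a claim about any particular product. The package name `com.example.oem.supporttool`, the class name and the pinned certificate hash are placeholders.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Illustrative caller verification for a privileged Binder service (the
 * "plugin" half of an mSRT). Not vendor code; names and hashes are placeholders.
 */
public final class PluginCallerCheck {

    // ASSUMPTION: the OEM publishes the SHA-256 of its app-signing certificate
    // and the plugin pins it. Placeholder value, not a real fingerprint.
    private static final String PINNED_CERT_SHA256 =
            "0000000000000000000000000000000000000000000000000000000000000000";

    private final Context ctx;

    public PluginCallerCheck(Context ctx) {
        this.ctx = ctx;
    }

    // WEAK: the "identity" is a string the caller put in the request payload.
    // Any app can send the same string, so this proves nothing about the caller.
    public boolean weakCheck(String claimedPackageName) {
        return "com.example.oem.supporttool".equals(claimedPackageName); // placeholder name
    }

    // STRONGER: identity comes from the kernel. Binder records the calling UID,
    // which the caller cannot forge; every package installed under that UID must
    // be signed with the pinned OEM certificate.
    public boolean verifyCaller() {
        int callingUid = Binder.getCallingUid();
        PackageManager pm = ctx.getPackageManager();
        String[] pkgs = pm.getPackagesForUid(callingUid);
        if (pkgs == null || pkgs.length == 0) {
            return false;
        }
        for (String pkg : pkgs) {
            if (!signedByPinnedCert(pm, pkg)) {
                return false;
            }
        }
        return true;
    }

    // Compare the hash of the whole signing certificate. Matching only a field
    // such as the subject name or serial number is not enough, because an
    // attacker can copy those fields into a self-signed certificate.
    private boolean signedByPinnedCert(PackageManager pm, String pkg) {
        try {
            PackageInfo pi = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            Signature[] sigs = pi.signatures;
            if (sigs == null || sigs.length != 1) {
                return false; // reject unsigned or multi-signed packages
            }
            return PINNED_CERT_SHA256.equalsIgnoreCase(sha256Hex(sigs[0].toByteArray()));
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
    }

    private static String sha256Hex(byte[] data) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            StringBuilder sb = new StringBuilder();
            for (byte b : md.digest(data)) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // A privileged entry point gated on the kernel-backed check, not on the
    // payload. Placeholder operation; real plugins expose screen capture,
    // input injection and similar.
    public boolean takeScreenshotForSupport() {
        if (!verifyCaller()) {
            throw new SecurityException("caller is not the OEM-signed support app");
        }
        // ... privileged work would go here ...
        return true;
    }
}
```

The important difference is where the identity comes from: `Binder.getCallingUid()` is filled in by the Binder driver for the duration of the transaction and must be read before any `Binder.clearCallingIdentity()` call, whereas anything inside the request is under the caller's control. Checking every package sharing the UID matters because Android apps can share a UID if they are signed with the same certificate, and the plugin should not grant its powers to a UID that includes an unverified package.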
There should be a fix for this, but as of now, I don’t know if one exists. There is a tool to detect “Certifigate” and you can find it here.
Have a good weekend, folks.