The Android security vulnerability known as Stagefright has evolved into Stagefright 2.0, and it can haunt even more Android phones than the original, according to mobile security company Zimperium.
The originally Stagefright vulnerability lets hackers install malicious software onto your Android phones running Android 2.2 and up, which was is estimated to include up to 950 million people. Those vulnerable Android phones could be exploited without needing any interaction on your part.
Android phones would become exposed by simply receiving a multimedia text message (MMS) with a malicious file, and you wouldn’t even need to open it.
Stagefright 2.0, on the other hand, can exploit Android phones running Android 1.0 and up, which can be up to 1.4 billion people.
The way Stagefright 2.0 can exploit your phone is also a little different, as it can exploit phones via the web browser (the MMS delivery method has been patched up by Google).
Unlike the original Stagefright MMS delivery method, the web browser delivery would need someone to actively visit a website, most likely via a link.
As a result of the original Stagefright exploit, Google and Samsung began issuing monthly security updates for certain phones, but not all of them.
In a statement to Tech Insider, Google said it will issue a patch for the new Stagefright exploit in early October:
“As announced in August, Android is using a monthly security update process. Issues including the ones Zimperium reported, will be patched in the October Monthly Security Update for Android rolling out Monday, October 5th.”
The only Android phones we know will get the security update so far are Google’s own Nexus devices, which run the pure version of Android.
NOW WATCH: Briefing videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.