The vulnerability affects more than half of all Android devices, say researchers.

It has not been a great week for Android.
Just days after a new branded bug, dubbed Stagefright, was disclosed in the widely popular mobile software, a new vulnerability threatens to render most Android devices unresponsive to basic tasks.
Discovered by Trend Micro researchers, the security flaw, once triggered, can put affected devices in a coma-like state, which includes preventing affected phones from making or receiving calls. An attacker can exploit the flaw through a malicious app, which the researchers said could have long-term effects on the device, such as crashing it every time it is turned on.
The researchers said in a blog post, published Wednesday: "The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system)".
In doing so, it will render the device mute, meaning no ringtone, message tone, or notification sounds will be heard. "The user will [have] no idea of an incoming call/message, and cannot even accept a call," and "neither party will hear each other," the blog post read.
The flaw affects devices running Android 4.3 "Jelly Bean" and later, including the latest Android 5.1.1 "Lollipop" update, a range that accounts for more than half of the entire install base.
Researchers said they disclosed the flaw after Google, which develops Android, classified the issue, reported in late May, as a low-level vulnerability and failed to fix it.