RAZR MMS Vulnerability

[phernandez]

Thought this was interesting because I once owned one and it goes to show that even the lowly cell phone can be a target. The venerable Motorola RAZR can fall prey to an MMS message containing a malicious JPG.

Zero Day Initiative has the details:

Motorola RAZR JPG Processing Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.

The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.

Short and sweet. Motorola has information on how to update the phone's firmware, but unless you blindly accept MMS images, the likelihood of getting infected are nil.

[via Engadget]

[wolfman1984]

The Wolfman thinks a lot people will blindly accept an MMS image. Curiosity sometimes out-weighs common sense.

Does anyone know if this vulnerability is actively being exploited? Has an exploit been released?

[isildur]

Wolfie is right. The average person on the street would probably never even consider that this is even a vulnerability (hell most of them will open anything sent to them on their PC still much less their phone). There would be the overriding incentive that they could get to look at somethin' nekked.