Android Stagefright issues (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)

The Android stagefright vulnerability allows for a remote attacker to send a crafted MMS message to a victim's phone to steal data, access hardware and install malware. While in general Ubuntu does not share the affected code with Android, Ubuntu Touch devices utilizing the Android Open Source Project (AOSP) do contain the affected stagefright libraries, but Ubuntu Touch does not expose the affected functionality of these libraries in a way that can be leveraged by an attacker.

All of the details of Stagefright are not yet public and this page will updated as needed once they are.

Timeline

• 2015 07 27: Ubuntu received notification of the issue