Android Stagefright Flaw Zero-Day Vulnerability

Last Updated: 07/20/2016

Security Notice Level


Zimperium zLabs has disclosed a zero-day flaw in the Stagefright media playback engine that affects roughly 95% of Android devices. The flaw allows malware to be sent via the MMS application, and it requires no user interaction. This vulnerability may allow remote code execution and/or denial of service.      

Affected Software

Android versions 2.2 to 5.1


Until a vendor provided patch is issued from Google, disabling auto retrieve of SMS/MMS may partially mitigate this vulnerability, see link below [1].  According to Zimperium, Android devices older than 18 months are unlikely to receive an update at all.    

Security Bulletin Name

Zimperium - Experts Found a Unicorn in the Heart of Android
Twilio Blog - How to Protect Your Android Phone From the Stagefright Bug
VB - Researchers find vulnerability that affects 95% of Android devices
Threat Post - Android Stagefright Flaw put 950 million devices at risk

Additional Information

Additional information about this vulnerability can be viewed at: [1]

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or