Millions of Android devices are at risk yet again after researchers found a new way to exploit an older vulnerability that was previously patched by Google.
NorthBit, based in Herzliya, Israel, published a paper outlining Metaphor, a nickname for a new weakness they found in Stagefright, Android’s mediaserver and multimedia library.
The attack is effective against devices running Android versions 2.2 through 4.0 and 5.0 and 5.1, NorthBit said.
The company said its attack works best on Google’s Nexus 5 with stock ROM, and with some modifications for HTC’s One, LG’s G3 and Samsung’s S5.
The attack is an extension of other ones developed for CVE-2015-3864, a remote code execution vulnerability which has been patched twice by Google.