[Q] Is MX Player one of the vulnerable 3rd party apps using libutils?

[RadioRoscoe]

A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?

 

[warvevo]

A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?

Ask to NSA. Wtf. Nothing in the world is bug free. One day People will ask mx player developer if mx player can be used as flying machine. Ma*ar**ut

 

[RadioRoscoe]

Ask to NSA. Wtf. Nothing in the world is bug free. One day People will ask mx player developer if mx player can be used as flying machine. Ma*ar**ut

I was not blaming anybody for anything, only asking a question. I want to know if my phone is vulnerable to this exploit.

 

[CDB-Man]

The article in question, for reference:
http://arstechnica.com/security/201...hones-are-vulnerable-to-new-stagefright-bugs/

 

[bleu8888]

A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?

I don't think the "media app" only mean media player apps such as MX. But so many apps play media clips, including Google+, Facebook, Instagram, etc.
The problem comes from media files designed to attack user device and playing such files automatically.
MX Player can play both online and offline media, but it does not play files automatically unless user explictly request to play one. It means you are completely safe unless play such files through MX Player.

And there is one reason why MX Player is safer than stock media player.
MX Player has 3 decoders, HW, HW+ and SW. HW completely depends on phone's default media player which means it has same vulnerability as stock media player. But HW+ uses only Stragefright's decoding function but does not use Metadata related functions at all. In fact, HW+ uses FFmpeg instead of Stagefright to read AV stream and metadata. And SW does not access Stagefright at all.

Also MX Player does not have preview mode on video list screen unlike some stock players from some manufacturers or some 3rd party players.

 

[auminous]

Mx player blocks stage fright 2.0?

A video player immune to stagefright ? brilliant !

Is it also immune to the new stagefright bugs (stagefright 2.0, the integer overflow) ?

Btw having it as a single easy to understand option called "block stagefright" would really help getting the knowledge spread out.

 

[bleu8888]

A video player immune to stagefright ? brilliant !

Is it also immune to the new stagefright bugs (stagefright 2.0, the integer overflow) ?

Btw having it as a single easy to understand option called "block stagefright" would really help getting the knowledge spread out.

It is same for the Integer overflow bug. HW+ and SW decoder does not call stagefright codes having this vulnerability.