[Q] Is MX Player one of the vulnerable 3rd party apps using libutils?

Search This thread

RadioRoscoe

New member
Jan 1, 2013
3
0
0
A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?
 

warvevo

Member
Apr 15, 2014
36
4
0
A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?

Ask to NSA. Wtf. Nothing in the world is bug free. One day People will ask mx player developer if mx player can be used as flying machine. Ma*ar**ut
 

RadioRoscoe

New member
Jan 1, 2013
3
0
0
Ask to NSA. Wtf. Nothing in the world is bug free. One day People will ask mx player developer if mx player can be used as flying machine. Ma*ar**ut

I was not blaming anybody for anything, only asking a question. I want to know if my phone is vulnerable to this exploit.
 

bleu8888

Senior Member
Mar 24, 2011
526
322
0
A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?
I don't think the "media app" only mean media player apps such as MX. But so many apps play media clips, including Google+, Facebook, Instagram, etc.
The problem comes from media files designed to attack user device and playing such files automatically.
MX Player can play both online and offline media, but it does not play files automatically unless user explictly request to play one. It means you are completely safe unless play such files through MX Player.

And there is one reason why MX Player is safer than stock media player.
MX Player has 3 decoders, HW, HW+ and SW. HW completely depends on phone's default media player which means it has same vulnerability as stock media player. But HW+ uses only Stragefright's decoding function but does not use Metadata related functions at all. In fact, HW+ uses FFmpeg instead of Stagefright to read AV stream and metadata. And SW does not access Stagefright at all.

Also MX Player does not have preview mode on video list screen unlike some stock players from some manufacturers or some 3rd party players.
 
Last edited:

auminous

Member
Dec 31, 2015
12
0
0
Mx player blocks stage fright 2.0?

A video player immune to stagefright ? brilliant !

Is it also immune to the new stagefright bugs (stagefright 2.0, the integer overflow) ?

Btw having it as a single easy to understand option called "block stagefright" would really help getting the knowledge spread out.
 

bleu8888

Senior Member
Mar 24, 2011
526
322
0
A video player immune to stagefright ? brilliant !

Is it also immune to the new stagefright bugs (stagefright 2.0, the integer overflow) ?

Btw having it as a single easy to understand option called "block stagefright" would really help getting the knowledge spread out.
It is same for the Integer overflow bug. HW+ and SW decoder does not call stagefright codes having this vulnerability.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    A new Ars Technica article (of which I cannot link to because my account has not posted enough) details possible 3rd party media app vulnerabilities. The name of the article is "a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs".
    Apparently, even after receiving the not yet released Google patch, your phone may still be vulnerable if 3rd party media playing apps use certain compromised code. Can we get confirmation that MX is in the clear?
    I don't think the "media app" only mean media player apps such as MX. But so many apps play media clips, including Google+, Facebook, Instagram, etc.
    The problem comes from media files designed to attack user device and playing such files automatically.
    MX Player can play both online and offline media, but it does not play files automatically unless user explictly request to play one. It means you are completely safe unless play such files through MX Player.

    And there is one reason why MX Player is safer than stock media player.
    MX Player has 3 decoders, HW, HW+ and SW. HW completely depends on phone's default media player which means it has same vulnerability as stock media player. But HW+ uses only Stragefright's decoding function but does not use Metadata related functions at all. In fact, HW+ uses FFmpeg instead of Stagefright to read AV stream and metadata. And SW does not access Stagefright at all.

    Also MX Player does not have preview mode on video list screen unlike some stock players from some manufacturers or some 3rd party players.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone