‘Stagefright’ Android Vulnerability

Android devices running Android versions 2.2 through 5.1.1_r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.

Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information. US-CERT recommends affected Android users contact their wireless carrier or device manufacturer for a software update.