This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Notice - Statement about the Stagefright Security Vulnerability in Android OS Disclosed by Zimperium

  • Initial Release Date: Jul 29, 2015
  • Last Release Date: Dec 15, 2015


Huawei has noticed the 7 vulnerabilities (CVE-2015-3824, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3826, CVE-2015-1538, and CVE-2015-1539) in Android OS disclosed by Joshua J. Drake, a researcher of Zimperium, a company in Israel. Huawei immediately launched a thorough investigation.

Huawei has also noticed that Joshua J. Drake gave a presentation titled "Stagefright: Scary Code in the Heart of Android" on these 7 security vulnerabilities at the BlackHat Conference in USA in early August.

In late June 2015, Google provided patches ANDROID-20923261 and ANDROID-20139950 to fix these vulnerabilities. Huawei has installed the patches in mainstream versions and released fixed versions of partial affected products. Other affected products are being fixed. On August 14, 2015, Google additionally released patch ANDROID-23034759 for CVE-2015-3824. Huawei will apply this patch and provide fixed versions.

Huawei has released a security advisory. The security advisory and notice about the stagefright vulnerability will be updated if any progress is made. Please stay tuned.

Link of the SA:

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

2015-12-15 V1.3 FINAL
2015-08-18 V1.2 UPDATED add statement about patch ANDROID-23034759
2015-08-09 V1.1 UPDATED add the link of SA
2015-07-29 V1.0 INITIAL



Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.