Remember Stagefright? It was a security hole, or more accurately a cluster of holes, in Android’s core media-handling library, known as libstagefright. The official name of the buggy library quickly morphed into the media-friendly moniker of the bugs themselves, Stagefright. In operating system terms, a “library” (usually known as a DLL, or dynamic link library,...

We’ve written several reports over the past year about a malware toolkit that uses Microsoft Word as its delivery vehicle. The idea is to package malware inside a Word document in such a way that the file looks innocent, with no macros (Word program code), no embedded programs, or other content that might make a...

Apple iOS 9 is out. As usual when the left-most number changes, as here from version 8 to version 9, the download is bigger than your typical point release. For example, when we recently updated to 8.4.1, the download was about 50MB; this time, the over-the-air (OTA) update we were offered was 1.2GB. → Because...

The Android vulnerability known as Stagefright is back in the limelight. Stagefright is a bug, or more accurately a series of similar bugs, in an Android programming library called libstagefright. Libstagefright is part of the operating system that handles media files such as movies. If you receive an MMS (Multimedia Messaging Service) message that links...

Thanks to Gabor Szappanos of SophosLabs for his behind-the-scenes work on this article. SophosLabs has drawn our attention to a new wave of malware attacks using a recent security bug in Microsoft Word. The bug, known as CVE-2015-1641, was patched by Microsoft back in April 2015 in security bulletin MS15-033. The vulnerability was declared to...