AT&T has followed Sprint's lead in releasing a fix for the Stagefright vulnerability found in Android devices, releasing a batch of over-the-air updates that address the issue in several Samsung Galaxy devices.
Sprint is the first carrier to release a fix for the Galaxy Note 4 to address the Stagefright issue, before the carrier followed that up by releasing the same fix for several other Samsung Galaxy devices.
The patches that AT&T released apply to the Galaxy S6, Galaxy S6 Edge, Galaxy S6 Active, Galaxy S5, Galaxy S5 Active and Galaxy Note 4.
The update that AT&T rolled out only includes the enhancement to the security of the listed devices, ensuring that the Galaxy devices are no longer vulnerable to the Stagefright exploit.
Stagefright is a remote code execution bug that hackers can use to attack Android devices. The hackers will only have to send a single message to their targets to take over control of the devices, without requiring the owner of the devices to do anything.
The vulnerability is different from past issues because others require the owner to do something such as open a file or click on a link. That requirement is not present in Stagefright, as the exploit only requires the hacker to send an MMS to infiltrate and Android device.
Upon infiltrating an Android device, hackers can steal the contained data and even utilize the device's camera and microphone.
According to mobile security firm Zimperium, hackers can trigger the vulnerability and attack a user's Android device even while they are asleep. As the owner wakes up, the hacker can remove all signs that point to the device being compromised, and so users will continue their days without knowing that their Android device has been attacked.
In addition, Android device owners can do nothing to address the issue aside from wait for smartphone manufacturers and carriers to release security updates to fix the vulnerability.
The Stagefright problem has made Samsung rethink its policy for software updates, with the company now promising to release updates related to the security of its devices at least one time per month.