Amazon patched Stagefright Vulnerability in Fire TV devices prior to Public Announcement

stagefright-header
The Stagefright vulnerability in Android that has been in the news lately was patched on both the Amazon Fire TV and Fire TV Stick via the latest software updates that began rolling out around the middle of last month. The Stagefright bug was publicly announced on July 27th, which means Amazon had prior knowledge of the bug in order to have released their fix a week earlier on July 19th. Google was informed of the Android vulnerability in April, so they likely informed Amazon through private channels before the bug’s public announcement.

An AFTVnews reader, who goes by the incredibly creative username AFTV User, has tested for the vulnerability before and after applying the latest software update. I’ve also run the test myself and can verify that Fire TV’s running software version 51.1.6.1, including those running the pre-rooted ROM, and Fire TV Stick’s running software version 54.1.2.1 are not vulnerable to the Stagefright exploit, while Fire TV devices running older software are vulnerable.

It makes sense now why Amazon released the latest software version so soon after releasing the previous software update. The Stagefright bug allows attackers to remotely execute code and gain system privileges. While this type of vulnerability is not as big of a concern on a set top box as it is on a smartphone which tends to store more sensitive information, it’s nice to see Amazon was quick to respond and patch the security hole.

6 comments
  1. Steve says:

    “guys”

  2. Ulises Rodriguez says:

    Hi all,

    Happy to know that as the Amazon Fire Phone, the FireTv also have received the Stagefight fix, before all the “Big Brands” android devices!!

    Curiously, none one has mentioned on the “Android Comunity” (Latest Android News, El Android Libre, etc), that Amazon has been the first company that has corrected this annoying problem on the FireTV and Fire Phones!!!…

    I already have mentioned the same on my post at forum.xda-developers.com:

    http://forum.xda-developers.com/fire-phone/general/stagefight-detector-app-google-play-t3173650

    Hi all the Happy Fire Phone users.

    I thought that all Amazon Fire Phone users would like to know that Zimperium, the company that discovered Stagefright, published a simple app that checks if the device is exposed to any of the several vulnerabilities that make it up.

    Simply install it, tap “Begin Analysis,” and the app will show which vulnerability affects your phone.

    Unfortunately, the app does nothing else, so it’s up to you to look up what each code means and what you can do about it…

    After installing on my two Fire Phones (with Latest FireOS 4.6.3) this “Stagefight-Detector-APP” (from the Google Play Store), fortunately I always get the following message:

    Congratulations!…
    Your device is not affected by vulnerabilites in Stagefright!!

    https://play.google.com/store/apps/d…frightdetector

    So it could be true that Amazon has totally fixed, this Stagefight problem in their latest FireOS 4.6.3 for the Fire Phone!!

    Curiously, none one has mentioned on the “Android Comunity” (Latest Android News, El Android Libre, etc), that Amazon has been the first company that has corrected this annoying problem!!…

    But it does not surprise me, Because Apparently all these Android News Sites, Has Always mentioned Samsung, HTC, LG, Sony and other Big Brands, not the Amazon Fire Phone.

    I Really do not know if this APP is reliable or not, but at least works Flawlessly with the Fire Phone and also gives us a Fast Diagnosis of the “Stagefight” problem.

    Edit: Today Lookout has Released a Stagefright Detector App, that it also works with the Fire Phone, and can be downloaded from the Google Play Store:

    https://play.google.com/store/apps/d…frightdetector

    http://www.androidheadlines.com/2015…ector-app.htm

  3. Some One says:

    Could this be used to achieve root on the previously unrootable firmwares (51.1.2.0+)? Or the FireStick in general?

  4. xnamkcor says:

    They probably only fixed it so fast because it could be used to gain root access.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Get AFTVnews articles in your inbox!

Get an email anytime a new article is published.
No Spam EVER and Cancel Anytime.

FOLLOW