The vulnerability can be exploited by a hacker, who could send malicious code disguised as a MMS video message to a potential victim's mobile device. Once the potential victim’s mobile device receives the message, the malicious code will execute, which could allow the hacker to infect the victim’s mobile device with a malicious program called a Trojan horse. Once the mobile device is infected, the hacker will be able to take control of the victim’s mobile device remotely from anywhere around the world without the victim knowing.
Once the hacker has taken control of the victim’s mobile device, he/she will be able to access microphone, camera and other functionalities of the mobile device, which the hacker will use to spy on the victim and steal the victim’s sensitive information. He/she will then use the information to rip off the victim.
The vulnerability is extremely dangerous because it does not require that the victim take any action for his/her mobile device to get infected. Once the victim’s mobile device receives the malicious MMS video message (without opening it), it will get infected and the hacker can delete the malicious MMS message before the victim notices it.
Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs said: “This vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual with an infected phone.”
Google has released a patch for the vulnerability to manufacturers, but most have not yet pushed that update to their customers.users of Android devices are urged to accept Android updates as soon as they are offered by their manufacturers or carriers.