Old Android vulnerability unearthed by Trend Micro could make your Android device silent and unresponsive
Trend Micro explains that the mediaserver service, where the vulnerability is contained, is used by Android to index the media files contained on the device's storage. If a MKV video file is malformed in the right way, it will crash the service and the rest of the operating system upon attempting to process it. This tactic can be exploited in multiple ways, depending on the attacker's creativity and intent. Trend Micro gives two examples — an app with an embedded malicious MKV file that starts with the device's boot, or through a specially engineered website.
The latter approach has been demonstrated by the firm in the video below. Although the mobile version of Chrome disables the preloading and autoplay of video files, the browser still reads the malicious MKV file until the mediaserver service crashes. The code causes an integer buffer overflow to take place, causing the system to crash.