Android Users Exposed to Remote Hack via PNG File

Hackers can compromise Android phones with single image

Hackers can compromise Android phones with single image

One such vulnerability being fixed by Google has the ability to allow any hacker to take control of your device by just sending a photo in PNG format.

Google engineers have not revealed any technical aspect of the vulnerabilities so far, the updates mention fixing 'heap buffer overflow flaw', "errors in SkPngCodec".

And a similarly severe flaw at the system level could also allow a remote attacker to execute arbitrary code at a privileged level if they were to craft a malicious transmission delivered over Bluetooth.

The bulletin is deliberately vague on details, but Google said the issue was the most critical security vulnerability to be addressed on the list. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. However, given the ease in which the bug can be exploited, users should accept incoming updates to their Android builds as soon as possible.

If you are an Android user, you should be careful while opening an image in your phone downloaded from any random website or received from an unknown sender. Well, the February 2019 Android security update has only been released for the Pixel smartphones, the Pixel C tablet, and the Essential Phone.

The critical vulnerability has been spotted in three forms (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and affects Android smartphones running Android 7.0 or a higher build going all the way up to Android Pie.

Android users could be remotely hacked simply by viewing a legitimate-looking PNG image, Google has warned in its latest security update.

The vulnerability was disclosed by Google but the company confirms that they have already released a patch to the Android Open Source Project (AOSP) repository. Several old devices will also not receive the update at all.

Notícias recomendadas

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.