Android vulnerability lets hackers wreak havoc using, er, a PNG file

Android phones vulnerable to maliciously crafted PNG images

Since Google hasn't released the technical details of the flaw, so it won't be easy for anyone to abuse this hacking method. And as soon as users open the image, it triggers the exploit and allows bad actors to remotely execute arbitrary code and wreak havoc.

The security vulnerability update is quite vague as it doesn't share anything about what precautions need to be taken or how a hacker can send simple looking PNG files to victims on e-mail, a program, or social websites that in reality trigger an Android smartphone to be compromised.

While there isn't a record of the attack actually happening in the wild, the vulnerability in Android versions 7.0 to 9.0 would give hackers "privileged access" to run malicious code on any Android device that had opened a malicious PNG image file.

IT'S NO SECRET that Android isn't always the most secure mobile operating system, but getting potentially pwned by a PNG - even for Google's mobile OS - is a bit much.

The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.

Google recently began the rollout of the February 2019 Android security update that addresses a total of 42 issues and fixes vulnerabilities of varying severity levels.

The flaw found in Android specifically deals with three vulnerabilities.

In effect, this means that Android users, those who are not using Google-branded devices, may have to wait months to receive a security update and that's presuming they receive one at all. The search giant also said that it has alerted its Android partners of all vulnerabilities a month before publication, adding that "source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours". Well, the February 2019 Android security update has only been released for the Pixel smartphones, the Pixel C tablet, and the Essential Phone.

Related News:



Most liked

Southampton’s Danny Ings out for three weeks with hamstring injury
But the two teams could flip situations if someone were to win this Saturday so let us see how each team could win on Saturday. They struggled bit to score against two teams that sat back having only scored one goal in the last two matches.

3rd T20I: Kiwis beat India by 4 runs to claim series
On the third ball of the final over, Karthik denied a single and later ended up taking a single off the next ball. Having regularly lost middle-order wickets, India gave the impression of lacking behind in the chase.

Wigan's Chris Ashton a surprise inclusion in England RU side
This could well just be a platitude that all managers will say after a good performance, although they don't really mean it. He was nearly available for selection this week, but he's not.

Wells Fargo extends branch hours after mobile system outage
Wells Fargo responded to some Twitter users that it was aware of an issue regarding direct deposit payments. Whitney Dawe uses the Wells Fargo app every day; he's been banking with them for almost eight years.

TSA confiscated record number of guns from carry-ons in 2018
That 2018 tally included 21 guns at Logan International Airport, nine at Bradley International Airport in CT , four at T.F. The pilot, Brian Andrew Machtemes , who lives in Minnesota, was arrested at Southwest Florida International Airport.

Unspecified "security incident'': Australian parliament computer network breached"
Australian PM Scott Morrison said he didn't intend to comment in depth on "the source or nature of this". Security industry sources said it was possible China could be behind the latest attack.

Fortnite now lets you merge accounts on different platforms
This means that all the cosmetic items and V-Bucks that you've earned across platforms will be conveniently gathered in one place. The first stage of the process is heading over to the Epic Games website and selecting the merge account option.

Wizards trade Morris to Pelicans for Johnson
But on the eve of the trade deadline, New Orleans has acquired veteran forward Markieff Morris from the Washington Wizards . Meanwhile, the Pelicans have been on the lookout for another forward for the majority of the season.

The Bonfire of the Virginia Democratic Party, in GIFs
In a statement to NPR, a spokesman for Virginia GOP Chairman Jack Wilson offered a slightly more cautious response. Those denials are not enough for him to keep his job, according to his fellow Democrats in the state Legislature.

China condemns Indian PM Modi’s visit to disputed region
The Chinese Foreign Ministry on Saturday strongly opposed Indian PM Modi's visit to the so-called "Arunachal Pradesh". Both India and China have sought to rebuild trust after the Doklam standoff in 2017.

Republican accuses Democrats of 'dog and pony show' during Whitaker's hearing
Trump, when asked on Thursday about the dispute between Nadler and Whitaker , said of Whitaker: "He's an outstanding person. Democrats repeatedly accused Whitaker of running out the clock by giving them evasive or rambling answers in the hearing.

Solskjaer: Manchester United team selection a 'risk' at Fulham
Nobody has seemingly gained more from Mourinho's departure than Pogba. "Well I've just spoken to him outside", Solskjaer said. Schurrle fired over from close-range after Alexsandar Mitrovic harried Chris Smalling into another mistake moments later.

Kendrick Lamar, Drake and Childish Gambino reportedly turned down the Grammys
Grande declined to perform and stayed relatively quiet about the ordeal. "I've kept my mouth shut but now you're lying about me". Join PeopleTV live on the red carpet at Clive Davis and the Recording Academy's iconic pre-Grammy Awards gala on Saturday night.

IHOP celebrates National Pizza Day with the 'Pancizza'
If you don't fancy using Foodism's deal, you can go straight to Papa John's website and get 33% off when you spend £30 or more. All you have to do is enter the code "THANKYOU" to access the deal! Deal is available from February 7-17, carry-out only.

‘Walking Dead’ star Danai Gurira reportedly exiting zombie series
The announcement of her departure strikes another massive blow to the hit series after Andrew Lincoln left late previous year . She's given a huge part of her professional life to The Walking Dead , and it looks like she's ready for a new challenge.