Android vulnerability lets hackers wreak havoc using, er, a PNG file

Google Fixes Critical PNG Security Bug but Millions of Android Smartphones Still Vulnerable

Since Google hasn't released the technical details of the flaw, so it won't be easy for anyone to abuse this hacking method. And as soon as users open the image, it triggers the exploit and allows bad actors to remotely execute arbitrary code and wreak havoc.

The security vulnerability update is quite vague as it doesn't share anything about what precautions need to be taken or how a hacker can send simple looking PNG files to victims on e-mail, a program, or social websites that in reality trigger an Android smartphone to be compromised.

While there isn't a record of the attack actually happening in the wild, the vulnerability in Android versions 7.0 to 9.0 would give hackers "privileged access" to run malicious code on any Android device that had opened a malicious PNG image file.

IT'S NO SECRET that Android isn't always the most secure mobile operating system, but getting potentially pwned by a PNG - even for Google's mobile OS - is a bit much.

The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.

Google recently began the rollout of the February 2019 Android security update that addresses a total of 42 issues and fixes vulnerabilities of varying severity levels.

The flaw found in Android specifically deals with three vulnerabilities.

In effect, this means that Android users, those who are not using Google-branded devices, may have to wait months to receive a security update and that's presuming they receive one at all. The search giant also said that it has alerted its Android partners of all vulnerabilities a month before publication, adding that "source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours". Well, the February 2019 Android security update has only been released for the Pixel smartphones, the Pixel C tablet, and the Essential Phone.

Related News:



Most liked

Southampton’s Danny Ings out for three weeks with hamstring injury
But the two teams could flip situations if someone were to win this Saturday so let us see how each team could win on Saturday. They struggled bit to score against two teams that sat back having only scored one goal in the last two matches.

3rd T20I: Kiwis beat India by 4 runs to claim series
On the third ball of the final over, Karthik denied a single and later ended up taking a single off the next ball. Having regularly lost middle-order wickets, India gave the impression of lacking behind in the chase.

Wigan's Chris Ashton a surprise inclusion in England RU side
This could well just be a platitude that all managers will say after a good performance, although they don't really mean it. He was nearly available for selection this week, but he's not.

Violence mars yellow vest protest in Paris as unrest spreads to Rome
But last week's official estimates were disputed both by march organisers and an independent estimate carried out for news media. The protests have brought hundreds of thousands of people out onto the streets all over France.

Sportscaster arrested for damaging 'racist' Plantation Estates sign
The local ABC and CBS great was famous for his " Let's go to the videotape " catchphrase. He turned himself in to police Thursday and charged with criminal mischief.

Wells Fargo extends branch hours after mobile system outage
Wells Fargo responded to some Twitter users that it was aware of an issue regarding direct deposit payments. Whitney Dawe uses the Wells Fargo app every day; he's been banking with them for almost eight years.

Ricky Ponting joins Australia coaching staff ahead of World Cup
Seven years after he last played global cricket, Ponting is back in the Australian cricket team for the ICC Cricket World Cup 2019.

Freezing Rain Creates 'Ghost Apples' in Michigan Orchard
A man pruning apple trees in an icy orchard in MI on Wednesday discovered a very odd phenomenon: ghost apples. He later took to Facebook with photos of the glass-looking orbs, dubbing the icy creation "ghost apples".

Fortnite Share The Love Event - Overtime Challenges & Rewards, Double XP Weekend & Competitive
Players who now support a Creator or enter a Creator Code between February 8 - 22 will receive the free Cuddle Hearts Wrap. Don't sweat it, Epic is keeping tracking of things, so you'll receive your goody pack as soon as the update releases.

Coke unveils its first new flavor in over a decade
In introducing the new Orange Vanilla Coke, it hopes to ensure the Coke brand doesn't begin to feel stale with consumers. Coca-Cola says it tested raspberry, lemon in ginger in focus groups, but orange and vanilla came out as favorites.

Fortnite now lets you merge accounts on different platforms
This means that all the cosmetic items and V-Bucks that you've earned across platforms will be conveniently gathered in one place. The first stage of the process is heading over to the Epic Games website and selecting the merge account option.

French yellow vest anti-govt protests turn violent in Paris
He wanted to bat it away so it didn't explode by his leg - and it went off when he touched it", he added. It wasn't pretty: "he was screaming with pain, he had no fingers - he didn't have much above the wrist".

Border officer shoots driver; Arizona port of entry reopens
After shots were fired, CBP says the vehicle continued to roll across the border when Mexican authorities gave the man first aid. Customs and Border Protection officer at a port of entry is in critical condition in an Arizona hospital.

IHOP celebrates National Pizza Day with the 'Pancizza'
If you don't fancy using Foodism's deal, you can go straight to Papa John's website and get 33% off when you spend £30 or more. All you have to do is enter the code "THANKYOU" to access the deal! Deal is available from February 7-17, carry-out only.

Quebec Mosque Shooter Alexandre Bissonnette's Sentencing Underway
Launched on June 1, 2016, Daily Hive is the evolution of Vancity Buzz and is now in Vancouver, Calgary, Toronto, and Montreal. More than 50 people were at the Islamic Cultural Centre in January 2017 when he began shooting during evening prayers.