Published: Sun, February 10, 2019
IT | By Lester Massey

Your Android Phone Could Get Hacked Just By Opening A PNG Image

Your Android Phone Could Get Hacked Just By Opening A PNG Image

Google was reserved in providing specific details about how the vulnerability works, noting only that it related to Android's Framework.On the positive note, there are no known cases of the vulnerability being exploited in the wild.

What's the harm in opening a digital image?

Opening a single image in PNG format may be enough for your Android phone to be compromised by hackers, and that's regardless of how tech-savvy you might be.

These critical vulnerabilities affect millions of devices running on Android 7.0 Nougat to its current Android 9.0 Pie. The focus here is on a PNG file, because the critical vulnerability can be exploited via a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The good news is that Google has patched the problems with an update to Android. There's probably no way people would know they had been targeted.

The vulnerability was one of three bugs impacting Android Framework - CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988 - and is the most severe security issue in the February update. It isn't hard to imagine why; by exploiting the flaw, a hacker could send harmless-looking PNG files to victims over email, a messaging app, or social media that in reality trigger an Android device to download additional malware. Well, the February 2019 Android security update has only been released for the Pixel smartphones, the Pixel C tablet, and the Essential Phone. The search giant also said that it has alerted its Android partners of all vulnerabilities a month before publication, adding that "source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours".

Google's bulletin also outlined remote code execution flaws impacting the Android library, system files, and Nvidia components. It is not clear when other Android smartphone makers will release the update to their own devices.

Like this: