Android vulnerability lets hackers wreak havoc using, er, a PNG file

New Android Bug Can Let Hackers Attack Phone With PNG Image File

New Android Bug Can Let Hackers Attack Phone With PNG Image File

Google hasn't released any technical details of the vulnerability but has confirmed that it's fixed.

While there isn't a record of the attack actually happening in the wild, the vulnerability in Android versions 7.0 to 9.0 would give hackers "privileged access" to run malicious code on any Android device that had opened a malicious PNG image file.

It serves as the graphics engine for Google Chrome and Chrome OS, Android, Mozilla Firefox and Firefox OS, although it's not now known if other platforms may be exposed to the vulnerability as well.

In Google's latest Android security bulletin, the search giant fesses that one vulnerability could enable a PNG file that's been loaded with malicious code to be executed within an Android app if said application views it.

However, Android manufacturers delay the updates which means that there are still devices that haven't received the fix. But it needs to seen when the handset vendor who sell smartphones based on Android operating system release the update. Should the user open the file, the exploit is triggered. To simply put it, opening the infected PNG file will activate the exploit and could open the floodgates for downloading malware on the device.

Liverpool announce record £125m pre-tax profits
There were also a number of new commercial deals, including the club's first-ever sleeve sponsor, financial services firm, Western Union.

It's also worth noting that Google didn't report such an exploit being used in the real world, which probably suggests that hacking has moved a bit beyond inserting code into PNG files.

The vulnerability has been patched in the February Android Open Source Project repository, but unlike Apple iOS devices, which can receive security updates when they are available, Android devices require updates from either the smartphone maker or a users' carrier.

Remote attackers are then able to execute arbitrary code in the context of a privileged process, according to Google.

The flaw found in Android deals with one of the three vulnerabilities identified in the Android framework and it is one of the most critical security issues for this month's security update.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.