Android vulnerability lets hackers wreak havoc using, er, a PNG file

Android vulnerability lets hackers wreak havoc using, er, a PNG file

Android vulnerability lets hackers wreak havoc using, er, a PNG file

Google hasn't released any technical details of the vulnerability but has confirmed that it's fixed.

While there isn't a record of the attack actually happening in the wild, the vulnerability in Android versions 7.0 to 9.0 would give hackers "privileged access" to run malicious code on any Android device that had opened a malicious PNG image file.

It serves as the graphics engine for Google Chrome and Chrome OS, Android, Mozilla Firefox and Firefox OS, although it's not now known if other platforms may be exposed to the vulnerability as well.

In Google's latest Android security bulletin, the search giant fesses that one vulnerability could enable a PNG file that's been loaded with malicious code to be executed within an Android app if said application views it.

However, Android manufacturers delay the updates which means that there are still devices that haven't received the fix. But it needs to seen when the handset vendor who sell smartphones based on Android operating system release the update. Should the user open the file, the exploit is triggered. To simply put it, opening the infected PNG file will activate the exploit and could open the floodgates for downloading malware on the device.

Wells Fargo Woes Continue; Employees Report Paychecks Not Deposited
Wells apologized multiple times during the outage and said any fees that customers incur because of the outage would be reversed. "We are aware of an issue regarding the processing of direct deposit into Wells Fargo accounts".

It's also worth noting that Google didn't report such an exploit being used in the real world, which probably suggests that hacking has moved a bit beyond inserting code into PNG files.

The vulnerability has been patched in the February Android Open Source Project repository, but unlike Apple iOS devices, which can receive security updates when they are available, Android devices require updates from either the smartphone maker or a users' carrier.

Remote attackers are then able to execute arbitrary code in the context of a privileged process, according to Google.

The flaw found in Android deals with one of the three vulnerabilities identified in the Android framework and it is one of the most critical security issues for this month's security update.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.