Android Bug Lets Hackers Attack a Phone Using Only an Image File

Ceria Alfonso
Febrero 10, 2019

We review products independently, but we may earn affiliate commissions from buying links on this page. Should the user open the file, the exploit is triggered.

Opening a cute cat meme or innocent landscape photo may seem harmless enough, but if it happens to be in a.PNG format, your Android device could be critically compromised due to a new attack.

As per Google's Android security bulletin, A flaw in the operating system's framework can let a remote attacker execute computer code on an Android smartphone using a specially crafted PNG file. That's because a vulnerability in Android from versions 7.0 to 9.0 will allow hackers to run code on your smartphone or tablet after you've looked at the image.

Google stressed that it has no reports of active exploitation or in wild abuse of any of the vulnerabilities listed in its February security bulletin. Experts have demonstrated that you can encrypt Android malware inside images as a way to evade antivirus software. Google hasn't released any technical details of the vulnerability but has confirmed that it's fixed.

More news: Ocado warehouse fire: Homes evacuated amid 'explosion risk'

A remote attacker can easily exploit this vulnerability just by tricking users into openly maliciously crafted PNG image file on their Android devices sent through a mobile message service such as Whatsapp or an email.

It serves as the graphics engine for Google Chrome and Chrome OS, Android, Mozilla Firefox and Firefox OS, although it's not now known if other platforms may be exposed to the vulnerability as well. The good news is that Google has patched the problems with an update to Android.

Unfortunately, it is unknown when third-party handset manufacturers will roll out the security updates on their phones, as many of them take weeks, if not months, to do roll them out. So you won't be protected until your Android handset receives the 2019 February update. Also, no cases have been reported yet of anyone exploiting the vulnerability.

Otros informes por

Discuta este artículo