Thanks to a new vulnerability, a single file can compromise your Android device

Reading time icon 2 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

If you thought opening an image of a cute cat is harmless then you might be wrong as new vulnerability might allow hackers to lure you into opening a cute PNG file and compromise your device. The new vulnerability targets all the Android devices that have Android Nougat and above.

The vulnerability was disclosed by Google but the company confirms that they have already released a patch to the Android Open Source Project (AOSP) repository. As pointed out by ZDNet there is no way of knowing if your device has been hacked. Google hasn’t released any technical details of the vulnerability but has confirmed that it’s fixed.

The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

However, Android manufacturers delay the updates which means that there are still devices that haven’t received the fix. Google has stated that they released the fix with the February 2019 patch so if you haven’t got the patch yet, be careful and don’t open PNG files from untrusted sources.

Via: BGR

More about the topics: android, google, security vulnerability