Hackers can compromise your Android phone with a single image file

  • Hackers can compromise your Android phone with a single image file

Hackers can compromise your Android phone with a single image file

Still, Google hasn't released technical details of the flaw.

What's the harm in opening a digital image?

Opening a cute cat meme or innocent landscape photo may seem harmless enough, but if it happens to be in a.PNG format, your Android device could be critically compromised due to a new attack. However, given the ease in which the bug can be exploited, users should accept incoming updates to their Android builds as soon as possible. Furthermore, there are no current reports of the PNG issue being exploited in the wild (which isn't surprising considering victims likely won't even realize they've been targeted), but the risk remains as long as your Android device doesn't get the latest security updates. But it needs to seen when the handset vendor who sell smartphones based on Android operating system release the update. The best solution is to not open an image, specifically a PNG file received via an untrusted email, SMS, or on a messaging platform. So you won't be protected until your Android handset receives the 2019 February update. The search giant also said that it has alerted its Android partners of all vulnerabilities a month before publication, adding that "source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours". The focus here is on a PNG file, because the critical vulnerability can be exploited via a specially crafted PNG file to execute arbitrary code within the context of a privileged process.

Craig Young, computer security researcher for Tripwire Inc.'s Vulnerability and Exposure Research Team, told SiliconANGLE that it appears that the vulnerability is directly related to how Android parses, that is interprets, an image before rendering it.

The flaw found in Android deals with one of the three vulnerabilities identified in the Android framework and it is one of the most critical security issues for this month's security update.

The vulnerability has since been patched.