Android vulnerability lets hackers wreak havoc using, er, a PNG file

Android phones vulnerable to maliciously crafted PNG images

Should the user open the file, the exploit is triggered.

As vendors utilizing the Android operating system roll out security patches and updates at different rates, Google has declined to reveal the technical details of the exploit to mitigate the risk of attack.

In Google's latest Android security bulletin, the search giant fesses that one vulnerability could enable a PNG file that's been loaded with malicious code to be executed within an Android app if said application views it. So you won't be protected until your Android handset receives the 2019 February update.

According to Google's Android Security Bulletin, the vulnerability that allows "a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process", is the most severe vulnerability.

Google says it offers the monthly security patch to its OEM partners at least a month in advance but we have not heard from smartphone makers as to when then plan to release security patch for their devices.

Kangana Ranaut’s Manikarnika finds a fan in Anupam Kher
Basically, it wasn't my intention. "When Aamir called me for Dangal , Secret Superstar , I went all the way to Ambani's house. This womencentric film was also helmed by Kangana and the actress held her hopes high for this film.

Ceferin plans FFP reforms after UEFA re-election
Ceferin said while he leads UEFA and Agnelli heads the influential European Club Association "there will be no Super League". UEFA member voters gave Greg Clarke a 37-18 win over David Martin, the Northern Ireland federation president.

Epic Games reveals Fortnite Share The Love event
Jump into Fortnite and share the love with your favorite Creator! Overtime challenges and rewards are coming to Fortnite . We've compiled a full list of all the new things you can expect, so take a look below to see what's changing.

A remote attacker can easily exploit this vulnerability just by tricking users into openly maliciously crafted PNG image file on their Android devices sent through a mobile message service such as Whatsapp or an email.

The critical vulnerability has been spotted in three forms (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and affects Android smartphones running Android 7.0 or a higher build going all the way up to Android Pie.

Google has already patched the security issue and the patches were pushed to the Android Open Source Project (AOSP) repository.

Craig Young, computer security researcher for Tripwire Inc.'s Vulnerability and Exposure Research Team, told SiliconANGLE that it appears that the vulnerability is directly related to how Android parses, that is interprets, an image before rendering it. And you'd have no way of knowing you've been targeted. Several old devices will also not receive the update at all.

Related:

Comments

Latest news

Year-old with cancer sworn in as Freeport TX cop
Abigail said she wanted to become a police officer so she could fight the "bad guys": the cancer in her body. Her mother, Ilene Arias, told CNN: 'They basically said it's time to enjoy some life. "Extremely tough.

A bunch of BioWare classics are coming to console this year
Skybound said additional details including box contents and specific platform support will be unveiled in the coming months. Well this is a news article that we never saw coming. "We're thrilled to find ourselves working with such a talented group".

Kanye West’s Identity Stolen, Signature Forged For $900K Phony Performance Contract!
The Blast also reports that an additional $150,000 was wired to Burundi Partlow Consulting, which is a Chicago-based company. He says the Plein and himself agreed on a "t-shirt" shortly after recanting on their "concert" agreement.

January unemployment rate rises in Alberta
He credited recent job gains drawing people back in as for why the participation rate is running at its highest level since 2017. Elsewhere, though, including Quebec, Ontario, Nova Scotia, New Brunswick and Manitoba, jobs were added.

Bodycam video shows Florida man dancing during sobriety test
He was awoken by deputies but then tried to get out the vehicle while the auto was in drive. After he was awakened, Larson began to get out of the truck without putting it in park.

Finland's basic income trial boosted well-being, but not employment
The majority of Finnish political parties in the current parliament do not support basic income as defined for the test. It took a different tack previous year , however, by imposing benefits sanctions on unemployed people who refused work.

The New Chucky Movie Trailer Is Completely Terrifying
The film was written by Tyler Burton Smith ( Quantum Break ) and directed by Lars Klevberg ( Polaroid ). However, several people have expressed concern and disinterest over the reboot.

Manafort meeting with Russian at heart of probe
District Court Judge Amy Berman Jackson during the court session, which spanned more than four hours, including a lunch break. Manafort went out of his way in this instance ... to not want to provide any evidence that could be used with respect to Mr.

Ashton replaces Nowell for England's Six Nations clash with France
Chris Ashton will make his first Six Nations start since 2013 when he replaces Jack Nowell who drops to the bench. Jones also promised the win in Ireland was "just the start", and England would be better this week.

French yellow vest anti-govt protests turn violent in Paris
There were more violent clashes in France on Saturday as the Yellow Vest protest movement entered its thirteenth week. Police say the demonstrator, whose condition isn't now known, is being treated by emergency workers.

No meeting with China's Xi before tariff deadline
The countries had taken a 90-day hiatus in their trade war, putting a planned increase in tariffs on hold, to hammer out an accord.

Matthew Whitaker Hearing Goes Off The Rails After He Chastises Chairman
Whitaker's testimony Friday was in limbo after the House Judiciary Committee approved a tentative subpoena to ensure he appeared. He added that he has not denied any funds to the special counsel's investigation.

Renault to report Ghosn's extravagant Versailles wedding
The wedding party was an extravagant Marie Antoinette-themed splash at Versailles, and featured actors in 18th century clothing. Ghosn has said fellow executives opposed to forging closer ties between Nissan and Renault schemed against him.

Record-Setting Number of Guns Found in Airline Baggage in 2018
Orlando International Airport was the fifth worst offender in 2018 with 123 firearms found, 112 of which were loaded. The 2018 firearms discoveries amount to 81.6 guns per week trying to get through security, or 11.6 firearms per day.

Ghost apples: Freezing rain creates lovely , spooky phenomenon in MI
On Wednesday, Andrew Sietsema said he was pruning trees when he discovered apple-shaped ice hanging from the branches. Widespread freezing hit western MI this week leaving behind something pretty cool in area orchards.

Other news