Android Users Exposed to Remote Hack via PNG File
February 08, 2019 / Phil Muncaster
Android users could be remotely hacked simply by viewing a legitimate-looking PNG image, Google has warned in its latest security update. The Android Security Bulletin for February lists 42 vulnerabilities in the Google mobile operating system, 11 of which are critical. “The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process,” it warned. “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.” Although there are no reports of users being actively targeted in the wild via this vulnerability, this could change as the window for individual ecosystem vendors to issue patches can run into several weeks or even months.