Google has reported a serious bug in the Android security bulletin. It reveals a new method which can allow hackers to attack Android smartphone by using malicious PNG files.
A major flaw in Android’s framework allows an attacker to execute computer code remotely by using a maliciously crafted PNG image file to smuggle the code.
Just by opening the evil PNG file on a chat app or email, the malware can start running on the device with high-level privileges.
The flaw found in Android deals with one of the three vulnerabilities identified in the Android framework and it is one of the most critical security issues for this month’s security update.
While Google has deliberately kept the details vague at this point, but it did confirm that a security patch has been rolled out to address this issue.
However, several third-party device makers take weeks or months to roll out security patches to their phones, so it leaves your device vulnerable until handset receives the 2019 February update.
Since Google hasn’t released the technical details of the flaw, so it won’t be easy for anyone to abuse this hacking method. Also, no cases have been reported yet of anyone exploiting the vulnerability.
This isn’t the first time when PNG files are flagged as dangerous because they can be rigged easily. And it is very easy to send a harmless-looking PNG file to victims over chat, email or social media which in turn triggers the device to download malware.