HomeWinBuzzer NewsAndroid Vulnerability Allows Full System Exploit Through PNG Files

Android Vulnerability Allows Full System Exploit Through PNG Files

Attackers were able to hide malicious code behind PNG files in Android Nougat and above. Google says the flaw has now been fixed.

-

is hardly known as the paragon of security, so when a new vulnerability is found its not a surprise. Although, it is sometimes surprising just how easily 's mobile platform can be exploited. Take a newly discovered flaw, which targets users by luring them with a cute image.

Never has downloading an image of a cute puppy been so dangerous. Google has disclosed a vulnerability in Android Nougat and above where hackers are luring users by tricking them through a cute PNG file.

Remote attackers created PNG files that would execute arbitrary code to give privileged access to bad actors. Getting users to open the PNG file could be as easy as hiding the code behind a cool image, or something seemingly innocent.

Google says it has already released a patch through its Android Project (AOSP) repository. However, in terms of security, the company's software model is harmful.

Fix Problems

Android updates to not roll out uniformly, with OEMs able to decide when to release patches. This has led to the laughably fragmented Android ecosystem and the truth is some security patches and updates may never arrive.

Also, there is no way to know if a device has been hacked by this latest ploy. Google did not describe the technical details of the vulnerability or any potential mitigations.

We do know the fix was issued this month, so there is a chance most Android users have yet to receive it. Obviously, the best way to prevent being hacked in this manner is to simply avoid opening PNG files from untrusted sources, or from contacts who are passing it along.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News