Critical Remote Code Execution Vulnerability Affects Android Via .PNG Image File

  • 766
  •  
  •  
  • 1
  •  
  •  
  •  
    767
    Shares

Sharing landscape pictures, cute animal photos or memes is quite common among smartphone users. That’s why images serve as one of the most robust pathways for attackers to spread malware. Google has recently warned Android users of a .PNG image bug that could allow an attacker execute malicious code on the victim’s device.

Critical .PNG Image Bug Threatened Android Users

As revealed in Google’s recent Android Security Bulletin, a .PNG image bug potentially put a vast majority of Android users at risk. The bug could potentially allow an attacker to take control of the device by elevating privileges. Exploiting the vulnerability merely requires an attacker to send a maliciously crafted .PNG image file to the victim’s device.

According to Google, the vulnerability mainly existed in the Android framework. As described,

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.”

Google has allegedly identified this flaw as three different vulnerabilities targeting Android versions 7.0 to 9. Precisely, the flaws include CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988 which Google has patched in Android version 9, versions 7.0 to 9, and versions 8.0, 8.1, 9, respectively.

For now, Google confirmed that they found no evidence of exploits in the wild. However, given the ease of exploiting the flaw, Google hasn’t revealed any technical information as of yet.

Numerous Other Security Flaws Also Patched

In addition to the PNG image vulnerability, Google also fixed numerous security flaws in Android Library, system, Kernel components, and NVIDIA components. These flaws could result in remote code execution, elevation of privileges, and information disclosure.

Google has released the patches in two different security patch levels, for which it states,

“This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly.”

Android users should ensure they update their devices to the latest versions to secure ones-self from potential exploits.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!