Connect with us

News

Google Fixes Critical Bug Exclusively for Pixel as of Now

Avatar

Published

on

pixel

Recently, Google rolled out their February 2019 Android security update that addressed 42 issues and fixed vulnerabilities of different severity levels. But it looks like this will be more of a problem than any good. One of the vulnerabilities which has been fixed by Google might allow hackers to seed malware by sending a photo in the format of PNG. As soon as the user would open the image, it could trigger the exploit and will be able to allow bad actors to remotely execute arbitrary code and wreak havoc on the user’s phones.

Google described it thus in their February Android 2019 security patch notes- “The most severe of these issues has been a critical security vulnerability in the Framework which might allow remote attackers to use special PNG files tp execute arbitrary code in the context of a privileged process.

The issue has been identified and fixed but didn’t receive that great response since this February security patch update was rolled out only for Pixel phones, Pixel C tablet, and Essential phones. The users who are actually in high-risk of these attacks haven’t received any updates for this vulnerability.  

So, what can be done in this case? The best solution is to not open an image, specifically a PNG file received via an untrusted email, SMS, or on a messaging platform. The focus here is on a PNG file because the critical vulnerability can be exploited via a specially crafted PNG file to execute arbitrary code within the context of a privileged process. To simply put it, opening the infected PNG file will activate the exploit and could open the floodgates for downloading malware on the device.

This critical vulnerability has been spotted in three forms (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and is shown to affect Android smartphones that run on Android 7.0 or a higher build.

Google claimed that until now, no bad actors have exploited the critical security bug and Google has notified all their Android partners regarding the security bug a month prior to publishing details of it and has shared the code patches in the Android Open Source Project (AOSP) repository.

Pixel users have received the update of this patch, but other smartphone makers are yet to receive an update and address the issue on their offerings. Until then, it is highly suggested to avoid opening PNG files from unknown people or emails.

Please follow and like us:
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending