1. The vulnerability impacts Android 7. Zero and above versions
2. It can be exploited via a specially crafted PNG file
3. No reviews of the vulnerability being exploited up to now
Google recently started the rollout of the February 2019 Android safety replace that addresses a complete of 42 issues and fixes vulnerabilities of various severity tiers. But if you think that is only everyday protection replace, you might need to rethink. One of the vulnerabilities constant by means of Google should allow a hacker to seed malware with the aid of simply sending a photo in PNG layout. And as quickly as users open the image, it triggers the take advantage of and permits terrible actors to remotely execute arbitrary code and wreak havoc.
This is how Google describes it, pronouncing in its February Android 2019 safety patch notes, “The most severe of these issues is a crucial safety vulnerability in Framework that might permit a far-flung attacker the use of a mainly crafted PNG document to execute arbitrary code inside the context of a privileged procedure.” But regardless of Google having diagnosed and glued the issue, there is little respite for the tens of millions of Android cellphone users accessible. Why? Well, the February 2019 Android protection update has most effective been launched for the Pixel smartphones, the Pixel C pill, and the Essential Phone. Needless to mention, the variety of Pixel gadgets out there may be reputedly nothing in comparison to the tens of millions of Android smartphones from other manufacturers. To further worsen the difficulty, a majority of at-chance customers have no longer been notified as to while their Android cellphone will receive the February 2019 Android security replace and guard them.
So, what can be performed in this example? The first-class solution is to no longer open a photograph, mainly a PNG record obtained via an untrusted e-mail, SMS, or on a messaging platform. The awareness right here is on a PNG document, because the vital vulnerability may be exploited through a mainly crafted PNG report to execute arbitrary code in the context of a privileged manner. To certainly positioned it, starting the infected PNG file will set off the take advantage of and could open the floodgates for downloading malware at the device.
The vital vulnerability has been noticed in three bureaucracy (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and impacts Android smartphones strolling Android 7. Zero or a better construct going all the way as much as Android Pie. Google claims that so far, no incidents of terrible actors exploiting the vital security computer virus had been pronounced so far. Moreover, Google has already notified all Android partners approximately the safety computer virus one month prior to publishing details of the vulnerabilities and has additionally launched the code patches to the Android Open Source Project (AOSP) repository.
While Pixel users have obtained an update to patch the essential vulnerability, other phone makers are yet to launch an update to deal with the difficulty on their offerings. Until that happens, we endorse you to refrain from opening PNG documents acquired from unknown humans and download the safety replace as quickly because it turns into to be had.