HIGHLIGHTS
1. The vulnerability impacts Android 7. Zero and above versions
2. It can be exploited via a specially crafted PNG file
3. No reviews of the vulnerability being exploited up to now
Google recently started the February 2019 Android safety replace rollout that addresses 42 issues and fixes vulnerabilities of various severity tiers. But if you think that is only everyday protection replace, you might need to rethink. One of the vulnerabilities constant using Google should allow a hacker to seed malware to send a photo in PNG layout. And as quickly as users open the image, it triggers the take advantage of and permits terrible actors to execute arbitrary code and wreak havoc remotely.
This is how Google describes it, pronouncing in its February Android 2019 safety patch notes, “The most severe of these issues is a crucial safety vulnerability in Framework that might permit a far-flung attacker the use of a mainly crafted PNG document to execute arbitrary code inside the context of a privileged procedure.” But regardless of Google having diagnosed and glued the issue, there is little respite for the tens of millions of Android cellphone users accessible. Why? The February 2019 Android protection update has most effectively been launched for the Pixel smartphones, the Pixel C pill, and the Essential Phone. Needless to say, the variety of Pixel gadgets out there may be reputedly nothing in comparison to the tens of millions of Android smartphones from other manufacturers. To further worsen the difficulty, most at-chance customers have no longer been notified that their Android cellphone will receive the February 2019 Android security replace and guard them.
So, what can be performed in this example? The first-class solution is to open a photograph no longer, mainly a PNG record obtained via an untrusted e-mail, SMS, or messaging platform. The awareness right here is on a PNG document because the vital vulnerability may be exploited through a mainly crafted PNG report to execute arbitrary code in the context of a privileged manner. To certainly positioned it, starting the infected PNG file will set off the take advantage and open the floodgates for downloading malware at the device.
The vital vulnerability has been noticed in three bureaucracies (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and impacts Android smartphones strolling Android 7. Zero or a better construct going all the way as much as Android Pie. Google claims that no incidents of terrible actors exploiting the vital security computer virus have been pronounced so far. Moreover, Google has already notified all Android partners approximately the safety computer virus one month before publishing details of the vulnerabilities and has additionally launched the code patches to the Android Open Source Project (AOSP) repository.
While Pixel users have obtained an update to patch the essential vulnerability, other phone makers are yet to launch an update to deal with the difficulty of their offerings. Until that happens, we endorse you to refrain from opening PNG documents acquired from unknown humans and quickly downloading the safety replacement because it turns into to be had.