HIGHLIGHTS
1. The vulnerability impacts Android 7. Zero and above versions
2. It can be exploited via a specially crafted PNG file
3. No reviews of the vulnerability being exploited up to now
Google recently started the February 2019 Android safety replacement rollout, which addresses 42 issues and fixes vulnerabilities of various severity tiers. But you might need to rethink if you think that is only an everyday protection replacement. One of the vulnerabilities is that the constant use of Google should allow a hacker to seed malware to send a photo in a PNG layout. As quickly as users open the image, it triggers the take advantage of and permits terrible actors to execute arbitrary code and wreak havoc remotely.
This is how Google describes it, pronouncing in its February Android 2019 safety patch notes, “The most severe of these issues is a crucial safety vulnerability in Framework that might permit a far-flung attacker the use of a mainly crafted PNG document to execute arbitrary code inside the context of a privileged procedure.” Regardless of Google having diagnosed and glued the issue, there is little respite for the tens of millions of Android cellphone users who are accessible. Why? The February 2019 Android protection update has most effectively been launched for the Pixel smartphones, the Pixel C pill, and the Essential Phone. TThe variety of Pixel gadgets out there may be reputedly nothing compared to the tens of millions of Android smartphones from other manufacturers. To further worsen the difficulty, most at-chance customers have no longer been notified that their Android cellphones will receive the February 2019 Android security replacement and guard them.
So, what can be performed in this example? The first-class solution is to open a photograph that is no longer mainly a PNG record obtained via an untrusted e-mail, SMS, or messaging platform. The awareness right here is on a PNG document because the vital vulnerability may be exploited through a mainly crafted PNG report to execute arbitrary code in the context of a privileged manner. To certainly position it, starting the infected PNG file will set off the take advantage and open the floodgates for downloading malware to the device.
The vital vulnerability has been noticed in three bureaucracies (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988), impacting Android smartphones strolling Android 7. Zero or a better construct goes as much as Android Pie. Google claims no incidents of terrible actors exploiting the vital security computer virus have been pronounced. Moreover, Google notified all Android partners about the safety of computvirusesruses one month before publishing the vulnerability.iIts. Additionally, the code patches to the Android Open Source Project (AOSP) repository.
While Pixel users have obtained an update to patch the essential vulnerability, other phone makers are yet to launch an update to deal with the difficulty of their offerings. Until that happens, we encourage you to avoid opening PNG documents acquired from unknown humans and quickly downloading the safety replacement because it turns out to be had.