One of the ways to prevent your smartphone from being compromised is to not simply click on links or download APKs that you’re unsure of. Unfortunately it might not be as simple as that as hackers have gotten better at hiding their malware in seemingly innocuous files, such as a PNG image.
Google recently detailed its Android security update for the month of February where they discovered a critical vulnerability within Android’s framework. This vulnerability allowed hackers to compromise an Android smartphone by sending a PNG file to their victim, and when that file is open, the vulnerability is exploited which would give hackers access to the phone to execute code on it. According to Google:
“The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
Thankfully Google claims that to date, they have yet to receive any reports of this particular vulnerability having been exploited in the wild, which means that hackers might not have stumbled upon in yet.
Google has since patched the flaw in the latest Android security update, so if you haven’t updated yet, now’s a good time to do so. Google has also declined to provide additional details about the vulnerability to prevent hackers from exploiting it on devices that have yet to be patched.
Source: Google