Slashdot Mirror


Android Phones Can Be Hacked Remotely By Viewing Malicious PNG Image (csoonline.com)

An innocent-looking image -- sent either via the internet or text -- could open your Android phone up to hacking. "While this certainly doesn't apply to all images, Google discovered that a maliciously crafted PNG image could be used to hijack a wide variety of Androids -- those running Android Nougat (7.0), Oreo (8.0), and even the latest Android OS Pie (9.0)," reports CSO Online. From the report: The latest bulletin lists 42 vulnerabilities in total -- 11 of which are rated as critical. The most severe critical flaw is in Framework; it "could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process." Although Google had no report of the security flaws being actively exploited, it remains to be seen if and how long it will take before attackers use the flaw for real-world attacks. Android owners were urged to patch as soon as security updates become available. But let's get real: Even if your Android still receives security updates, there's no telling how long it will be (weeks or months) before manufacturers and carriers get it together to push out the patches.

4 of 149 comments

  1. This is one reason by hcs_$reboot · · Score: 1, Informative

    let's get real: Even if your Android still receives security updates, there's no telling how long it will be before manufacturers and carriers get it together to push out the patches

    ...I still prefer an iPhone.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:This is one reason by Anonymous Coward · · Score: 2, Informative

      I have an LG from 2016 and they haven't released any OS updates since 2017.

  2. Re: In before smug Apple fans by GrahamJ · · Score: 4, Informative

    But you're not smug at all right?

    You don't know if it's being exploited. You don't know if it has to be crafted for a specific phone. You don't know how many phones will actually get that update.

    The FaceTime bug was mitigated very soon after disclosure for every single device simultaneously.

    Most Android users would love to have the "problem" of having to have the latest OS. Any iPhone user susceptible to the bug already had iOS 12.

    All phones suffer when their batteries are old. It's harder to notice when the device runs like shit out of the box.

  3. Re:In before smug Apple fans by _merlin · · Score: 3, Informative

    If, as the summary suggests, this allows arbitrary code to run with elevated permissions simply by viewing a PNG image, then this could be exploited to install malware that runs as root with access to all the data on your device, all your accounts, ability to modify any app, etc. That's pretty fucked up. (Yeah I know summaries can be misleading, but I have a relatively low UID so I've been conditioned over years to never RTFA.)