It is no secret that being online all the time brings with it certain security risks and vulnerabilities. We’re vulnerable whether we’re using our desktop PC, Mac, or mobile. As if to demonstrate the constant security risks, we face across all of our devices, Google has highlighted a new vulnerability it has found on Android smartphones.
Android security vulnerability leaves phones open to attack via malicious PNG files
In a security bulletin published last week, Google released details of an Android bug that was leaving users vulnerable to attack. According to the bulletin, the bug “could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.” This means that a seemingly harmless PNG image file could leave your Android device wide open to hackers.
The good news in all of this is that Google reported the bug to Android over a month ago and the problem has since been fixed. If your phone has recently received an update, then it will have received the patch that deals with this issue. Unfortunately, with Android being such a fragmented OS, with many smartphone manufacturers running it across billions of devices there will still be a lot of people yet to receive the update. Fortunately, Google has also reported that no users have reported falling victim to the bug so far.
The bad news is that there will still be users who are vulnerable to attack via this weakness and details are thin on the ground about what the attack might look like. With Google only talking about the theoretical possibilities in their security bulletin, information on what the “specially crafted PNG file” could look like is non-existent. If you use an Android phone and it hasn’t been updated recently, you need to be extra careful when opening or downloading PNG files. Always make sure the source of the file is reputable and can be trusted before clicking on or downloading the PNG file in question.
This news of a new security vulnerability found in Android comes on the back of a lot of new evidence showing that Google may be about to turn its back on the Android brand in favor of something more modern and multi-platform compatible. Google has quietly been removing the word Android from a number of its key products and there is a lot of talk going around about Google Fuchsia, a new OS that will work on all devices from smartphones and laptop like Chromebooks to wearable devices like smartwatches. Whereas there is nothing linking this latest story to the ongoing development of a new smartphone OS, it is telling that Google is a little more willing to discuss potential problems that Android may be facing.