Google was reserved in providing specific details about how the vulnerability works, noting only that it related to Android's Framework.On the positive note, there are no known cases of the vulnerability being exploited in the wild. And as soon as users open the image, it triggers the exploit and allows bad actors to remotely execute arbitrary code and wreak havoc.
If you thought opening an image of a cute cat is harmless then you might be wrong as new vulnerability might allow hackers to lure you into opening a cute PNG file and compromise your device.More news: Danny Ainge confident Boston Celtics can keep Kyrie Irving
It serves as the graphics engine for Google Chrome and Chrome OS, Android, Mozilla Firefox and Firefox OS, although it's not now known if other platforms may be exposed to the vulnerability as well.
The vulnerability, found in Android 7.0 Nougat through to Android 9.0 Pie, was first disclosed by Google in an Android Security Bulletin published February 4.More news: Missouri leak prompts closure of parts of TransCanada, Enbridge pipelines
It's also worth noting that Google didn't report such an exploit being used in the real world, which probably suggests that hacking has moved a bit beyond inserting code into PNG files. So you won't be protected until your Android handset receives the 2019 February update. A serious flaw in the operating system's framework can let a remote attacker execute computer code on an Android device by using a "specially crafted PNG file", the notice said. To simply put it, opening the infected PNG file will activate the exploit and could open the floodgates for downloading malware on the device.
Unfortunately, it is unknown when third-party handset manufacturers will roll out the security updates on their phones, as many of them take weeks, if not months, to do roll them out. The search giant also said that it has alerted its Android partners of all vulnerabilities a month before publication, adding that "source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours".More news: Trump Says Summit With Xi 'Unlikely' by Tariff Deadline Date