Android devices found to be "vulnerable to being hacked just by viewing a PNG image"


by TheDigitalWay

It has been found that Android devices carry a "risk of being hacked just by opening a PNG image". The risk stems from three newly discovered vulnerabilities, and it can affect many smartphones because the vulnerabilities are present in every version from Android 7.0 Nougat to the latest Android 9.0 Pie.

Android Phones Can Get Hacked Just by Looking at a PNG Image
https://thehackernews.com/2019/02/hack-android-with-image.html

In its February 2019 security update, Google reported vulnerabilities affecting Android devices. Google patched a total of 42 vulnerabilities, of which 11 were rated "severe", 30 were rated "high" and 1 was rated "moderate" in severity.

Google engineers have not disclosed the technical details of the vulnerabilities, but the three that were particularly severe are described as "a heap-based buffer overflow flaw", "errors in SkPngCodec" and "a vulnerability in a rendering component". The vulnerability concerning the rendering of PNG images is what makes it possible to hack a device using a PNG image.

Of the three vulnerabilities, the most dangerous is the one related to PNG images. "By using a specially crafted PNG image, an external attacker can execute arbitrary code remotely in the context of a privileged process," Google says. An attacker can apparently execute arbitrary code on the target device simply by getting the user to open a malicious PNG image, whether it is sent through a messaging app, downloaded from the Internet or sent by e-mail. Note that it is not possible to tell with the naked eye whether a PNG image carries malicious code.


by Soumil Kumar

In its security update report, Google emphasizes that "there are no reports that the vulnerability has been exploited or has caused damage", and says that Android partners were informed about the new vulnerability a month ago.

in Mobile, Software, Security, Posted by log1h_ik