Google has discovered that a malicious PNG image opened on an Android smartphone could give hackers access to the device.
In its latest Android Security Bulletin, Google announced the discovery of a severe vulnerability that “could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process”. This means that someone could execute a targeted attack to gain access to your smartphone and run malicious code, just by you viewing a PNG image in a browser or message app.
The exploit affects smartphones running Android Nougat (7.0), Oreo (8.0), and the current version, Android OS Pie (9.0). Google says it has had no reports of active exploits based on this vulnerability yet.
Unfortunately, a patch to solve this issue will be dependent on the various Android handset manufacturers. Users are urged to update their Android smartphone as soon as an update is available for your device. Until then, caution should be exercised when opening images from unknown sources. You know what I’m talking about.