Your IT Consultant

Android Users Beware: Evil PNG Files

February 13, 2019

Android users of Nougat (7.0), Oreo (8.0) and Pie (9.0) should patch their devices as soon as an update is available because of a vulnerability dealing with PNG files. Apparently, it is possible for an “evil” PNG file to “execute arbitrary code within the context of a privileged process.” Just by viewing the file in an email, text or in a browser. In other words, your Android device is owned by just viewing the file. Not to worry if you are a Pixel user. Google has already patched for the vulnerability and distributed the update. Users of non-Google devices are screwed until vendors provide an update. This is one of the problems with the Android ecosystem. Google can push out updates quickly since it “drives” the OS, but others are later to distribute updates since they need to make sure the update doesn’t screw with all the bloatware they add to the base OS.

Notice that the vulnerability impacts all of the latest versions of Android. You shouldn’t even be using a device that is running anything older than Nougat (7.0).

Email:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com