Google has made adjustments to the operation of the mobile operating system, removing dozens of vulnerabilities, 25% of which were critical. Fixed a large-scale bug Android could open access to the user's device using a regular PNG file. The picture allowed running malicious code on a smartphone if the user opened it.
A major Android vulnerability, which the company's developers tried to fix, made it possible for attackers to control other people's smartphones. Special graphic files of the well-known PNG format have become a tool for this. A malicious program embedded in an image is launched immediately after the file is opened. As a result, fraudsters could perform the actions they wanted on the user's Android device.
Android versions starting with 7.0 Nougat 2017 and ending with fresh 9.0 Pie are under the probable threat. Healing patches are created by the manufacturers themselves, not by Google, so the release time of updates for different devices will differ. So far, no official use cases of the opened bug have been identified, however, users are advised to install the available security updates in a timely manner.
In total, Google security specialists have worked to fix 42 dangerous system vulnerabilities. Of these, only one Android bug was rated as Medium, 11 bugs were considered critical.
A little earlier, in 2016, the detected malicious code also used graphic images. The script settled in advertising GIFs, and selected users of payment systems and online banking for the attack. The virus hid between the pixels of the GIF images, remaining unnoticed for two whole years.
The Topic of Article: An ordinary picture could be the reason for hacking millions of smartphones.