The critical security vulnerability, as Google notes, exists in Android's Framework and "it could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process."
Google has already released the security update to fix the vulnerability. It had also notified all its partners and released the code patches to the Android Open Source Project (AOSP) repository.
However, despite the proactive measures to fix the flaw, millions of Android devices are still vulnerable to the hack. The reason for this simple. The security patch that Google has released will fix issues in a handful of devices including Google's own Pixel smartphones, the Pixel C tablet, and the Essential smartphone. That still leaves millions of Android smartphones vulnerable to the attack as it will take smartphone makers to adapt the patch as per their own user interface and roll out the update on to their devices.
However, the scenario is not all grim. The Mountain View, California based company said that so far it has heard no reports where the vulnerability had been used to target Android users. "We have had no reports of active customer exploitation or abuse of these newly reported issues," Google said in its Android Security Bulletin for the month of February 2019. Additionally, the company, according to a report by ZDNet, has declined to share the technical details of the hack in order to mitigate the risk of the attack.
n case you don't own a Pixel smartphone, the best way to stay clear of the hack is by not downloading PNG images from unknown or unreliable sources.
No comments:
Post a Comment