Opening a single image in PNG format may be enough for your Android phone to be compromised by hackers, and that’s regardless of how tech-savvy you might be. That’s because a vulnerability in Android from versions 7.0 to 9.0 will allow hackers to run code on your smartphone or tablet after you’ve looked at the image. And you’d have no way of knowing you’ve been targeted.
The news comes directly from Google’s newest security update , which mentions the critical PNG vulnerability in Android:
The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
As ZDNet explains, Google declined to reveal the technical details of the exploit in an effort to mitigate the risk of attack. It’s also unclear what an attacker would be able to do with the help of this security vulnerability. Furthermore, there are no current reports of the PNG issue being exploited in the wild (which isn’t surprising considering victims likely won’t even realize they’ve been targeted), but the risk remains as long as your Android device doesn’t get the latest security updates.
Google has already patched the security issue and the patches were pushed to the Android Open Source Project (AOSP) repository. As always, make sure to update your Android device to the latest available version of Android as, and that you download the security updates as soon as you get any notifications. You can also try to limit the exposure to a potential hack by not opening any PNG files until you’ve updated your phone. Read more about the matter in Google’s February 2019 security bulletin.