Android phones vulnerable to maliciously crafted PNG images

Apple may have had the bulk of attention thanks to its FaceTime bug, but that may be because it rarely gets such serious flaws. Or at least they rarely get reported. Android's more open nature, however, brings exploits to light more easily and more regularly, which, in theory, should mean they also get patched up faster. Google's latest security bulletin mentions one such bug that could let hackers run arbitrary code on your phone simply by getting you to open an image of a cute cat on your Android phone.

OK, it's not fair to blame felines because the photo can be of any animal, place, or thing. What makes the image deadly is not what it depicts but the format it's in. Specifically, Google reports that a carefully crafted image in PNG format, when opened, could let an attacker execute code with privileged access. This, in turn, could eventually lead to situations where an attacker could gain access to data or, worse, hijack the phone.

Given how easy the process may seem and how almost all Android devices are vulnerable to it, Google hasn't yet published details about the security exploit. No reports about active exploits have been publicized yet, but it might only be a matter of time. The good news is that the same security bulletin includes the fix for that. The bad news is that this is Android we're talking about.

While Google's Pixel and Nexus phones, as well as the Essential PH-1, have received the latest security update, most of the Android phones in the wild haven't. Some might even still be at December's security patch. As the vulnerability affects all devices on Android 7.0 Nougat up to Android 9.0 Pie, the reach is quite wide. Hopefully it won't take an actual and destructive exploit before OEMs start scrambling again.