Google Fixes Critical PNG Security Bug, but Millions of Android Smartphones Still Vulnerable

But if you believe this is only a normal security upgrade, you might want to reconsider. One of those vulnerabilities fixed by Google could enable a hacker to seed malware just sending a photo in PNG format. And when users open the image, it activates the tap and allows bad actors to remotely execute arbitrary code and wreak havoc.

But despite Google having recognized and fixed the matter, there is little respite for those millions of Android smartphone users out there. Why? The February 2019 Android security upgrade has only been released for its Pixel smartphones, the Pixel C tabletcomputer, and the Vital Phone. Needless to say, the amount of Pixel apparatus out there’s seemingly nothing compared to the countless Android smartphones from other brands. To further aggravate the issue, the vast majority of at-risk users have never been notified as to if their Android smartphone is going to obtain the February 2019 Android security update and safeguard them.

So, what can be done in this circumstance? The best solution is to not open a picture, especially a PNG file received via an untrusted email, SMS, or on a messaging platform. To simply put it, opening the infected PNG file will trigger the exploit and could open the floodgates for downloading malware on the gadget.

The critical vulnerability was spotted in three forms (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and affects Android smartphones running Android 7.0 or a higher build going all the way around Android Pie. Google asserts that so far, no episodes of poor actors exploiting the important security bug have been reported so far. Additionally, Google has already notified all Android partners concerning the safety bug one month before publishing details of their vulnerabilities and also has released the code stains to the Android Open Source Project (AOSP) repository.

Even though Pixel users have obtained an upgrade to patch the critical vulnerability, other smartphone manufacturers are yet to release an update to deal with the matter on their offerings. Until that happens, we advise you to refrain from opening PNG documents obtained from anonymous people and download the security update as soon as it becomes available.