[ad_1]
Google has revealed a new way to penetrate Android-powered smartphones using harmful PNG files, as well as the revelation of this problem last week via Google's Android security bulletin.
The company said in an alert that three newly discovered critical vulnerabilities in the operating system infrastructure could allow a remote attacker to execute code on an Android device with the help of A specially designed PNG file.
The good news is that Google has corrected the issues raised by an Android system update, but many external device manufacturers may take several months to deploy security patches on their own phones. As a result, you will not be protected until your Android device is updated in February.
Users should be cautious when opening an image file on their smartphone because a malicious PNG file, received via the chat application or an email, can start malicious software on it. device with high level privileges.
The vulnerabilities affect millions of devices running the latest versions of Google's mobile operating system, ranging from Android Nogat 7.0 to the current Android Android Pie 9.0.
The security vulnerabilities identified as CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988 have been corrected in Google's Open Source Android (AOSP) project by Google as part of February Android security.
Although Google engineers have not yet released technical details illustrating the weaknesses, the updates indicate a buffer overflow vulnerability, SkPngCodec errors, and errors in some components displaying PNG images.
Google has fixed 42 security vulnerabilities in the mobile operating system, of which 11 clbadified as critical, 30 high risk and one moderate.
Tech has confirmed that it has not reported any active exploitation or misuse of the weaknesses listed in the February safety bulletin.
Google announced to its Android operating system partners all vulnerabilities a month before its release, adding that the original code fixes for these issues would be published in the project's AOSP repository Android OS Open Source in the next 48 hours.
[ad_2]
Source link