Author: Cameron Summerson / Source: How-To Geek
If you’re running a Google Pixel handset, your phone is safe from a security hole that could let a PNG file completely wreck the system. If you’re using nearly any other Android handset, then your phone is vulnerable. This is a problem.
Google recently released the February security update for Pixel devices, which closes a hole that would allow malicious PNG files to “execute arbitrary code within the context of a privileged process.” In simpler terms, the code can run at a high level and steal your info—all you need to do is open the file. That’s it.
That means any PNG that comes to you—be it in an email, a messaging client, or even over MMS—could potentially hijack the system and steal valuable data. That is, on any phone that isn’t a Pixel, because they’re protected now. Samsung, LG, OnePlus, and most other manufacturers’ handsets are still susceptible to this bug. We have to start holding manufacturers to a higher standard when it comes to security updates. Period.
I currently have four Android phones within arm’s reach: Pixel 2 XL, Pixel 1, Samsung Galaxy S9, and OnePlus 6T. The two Pixels are patched and protected with the February update, but the S9 and 6T are only on the December security patches. That means any newer vulnerabilities—like this PNG one, for example—are unpatched on both of these handsets. Considering that Samsung Galaxy devices are among the most popular phones on the planet, this is troubling.
But it’s not just an issue because of the current problem. This is a dynamic problem that is a constant concern—or at least it should be. As long as there…
The post Android’s Real Security Problem is the Manufacturers appeared first on FeedBox.