02 March 2019
Earlier this week, Google released the February 2019 security patch for Pixel devices. It has now been reported with this particular patch, it has fixed a crucial Android security bug related to PNG image files. The bug would have allowed an attacker to execute code remotely with the help of nothing but just a specially crafted PNG image.
Google mentions that when such an infected PNG file is sent to a user who chooses to download it, the exploit gets triggered almost instantly. This allows the hacker/attacker to execute arbitrary code remotely and take control of the affected Android device. Since the bug is exploited using a PNG image file, it is hard to detect beforehand as the image looks harmless like any other pic.
This particular bug is said to be present on devices running Android 7.0 Nougat to Android 9.0 Pie. It means there are just millions of devices which are vulnerable to the attack. Even though Google has released the fix with February 2019 security patch, it is currently available only on Pixel devices. It can take months for other smartphone makers to release the patch with many of the devices unlikely to receive it ever. Although Google has mentioned it has not received any reports of the security bug getting exploited.
It is the reason if your particular OEM sends an update with February security patch, make sure to download and install it as soon as possible. In the time being, you should try to avoid downloading PNG image files from untrusted sources. While it is not a concrete solution, this is the best that you can do in current circumstances.