Opening a cute cat meme or innocent landscape photo may seem harmless enough, but if it happens to be in a .PNG format, your Android device could be critically compromised due to a new attack.
In Google’s Android security update for February, the tech giant’s advisory noted a critical vulnerability which exists in the Android operating system’s framework.
All it takes to trigger the bug is for attackers to send a crafted, malicious Portable Network Graphic (.PNG) file to a victim’s device. Should the user open the file, the exploit is triggered.
Remote attackers are then able to execute arbitrary code in the context of a privileged process, according to Google.
Android versions 7.0 to 9.0 are impacted.
There are no current reports of the vulnerability being exploited in the wild. However, given the ease in which the bug can be exploited, users should accept incoming updates to their Android builds as soon as possible.
As vendors utilizing the Android operating system roll out security patches and updates at different rates, Google has declined to reveal the technical details of the exploit to mitigate the risk of attack.