Google receives flak for not patching PNG vulnerability, researchers say millions of Android users still at risk

By Digit NewsDesk | Published on 11 Feb 2019
HIGHLIGHTS
  • Google’s February Security patch for phones included a fix for a critical PNG vulnerability. Security researchers slam Google for not patching the flaw earlier.

Highlights:

  • Google recently patched a PNG vulnerability.
  • The flaw could infect Android users and is still a cause of concern, as per security researchers.
  • Google’s frivolous approach to media parsing deemed root cause of the issue. 

 

Early this month, Google announced that its February security update is now available for the Google Pixel series of smartphones. While the new patch addresses a wide range of vulnerabilities, Google has received flak from cybersecurity experts for not patching earlier a flaw that the company itself has deemed a critical security vulnerability in Framework. The bug in question enables a remote attacker to execute arbitrary code within the context of a privileged process using a specially crafted Portable Network Graphics (PNG) file. Android Headlines reports that Craig Young, a security expert at Tripwire, calls the flaw “alarming” and suggests that the “root cause of the issue is a frivolous approach to media content parsing on Google's part.”

A user can be affected by the flaw simply by viewing a maliciously modified PNG image file. The primary issue is that even though the flaw is fixed in the February security update, users remain exposed because the patch takes some time to reach devices. Additionally, the problem is said to affect all devices running Android 7.0 Nougat and above, and most smartphone makers might not even release a security patch for older devices. As per the report, Tim Erlin, Tripwire Product Management VP, is worried that "manufacturers may wait months to protect users from attackers" in this case, which is something that generally happens in the Android ecosystem. As of now, the only reasonable solution to this issue seems to be an expedited rollout of the new February security patch.

Speaking of cybersecurity, February 5 was Safer Internet Day, and Google announced a number of new tools and products to help users secure their data. The company released a new Chrome extension called Password Checkup that works just like HaveIBeenPwned. It matches a user’s login credentials against its database of breached usernames and passwords and alerts them if it finds that the credentials were ever included in a data leak. If the credentials match, the extension triggers an automatic warning and suggests that the user change their password.

Google also announced a new encryption method called Adiantum, which is aimed at less powerful devices such as entry-level smartphones and other smart devices like TVs and smartwatches. The new method is said to be designed so that no specialised hardware is needed for efficient encryption of locally stored data.
