Google’s February Security patch for phones included a fix for a critical PNG vulnerability. Security researchers slam Google for not patching the flaw earlier.
Want to modernise your banking loan application?
Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift
Click here to know moreAdvertisements
Early this month, Google announced that its February security update is now available for Google Pixel series of smartphones. While the new patch addresses a wide range of vulnerabilities, Google has received flak from cybersecurity experts for not patching a flaw earlier that the company itself has deemed a critical security vulnerability in Framework. The bug in question enables a remote attacker to execute arbitrary code within the context of a privileged process using a specially crafted Portable Network Graphics (PNG) file. Android Headlines reports that a security expert from Tripwire computer security, Craig Young, calls the flaw “alarming” and suggests that the “root cause of the issue is a frivolous approach to media content parsing on Google's part.”
One can be affected by the flaw by simply viewing a modified PNG image file that is infected. The primary issue here is that even though the flaw is being patched with the February security update, users can be exploited since the patch takes some time to make it to devices. Additionally, the problem is said to affect all devices running on Android 7.0 Nougat and above, and most smartphone makers might not even release a security patch for older devices. As per the report, Tim Erlin, Tripwire Product Management VP, is worried that "manufacturers may wait months to protect users from attackers" in this case, which is something that generally happens in the Android ecosystem. As of now, the only reasonable solution to this issue seems to be an expedited rollout process of the new February security patch.
Speaking of cybersecurity, February 5 was Safer Internet Day and Google announced a bunch of new tools and products to help users secure their data. The company released a new Chrome extension called Password Checkup that works just like HaveIBeenPwned. It matches a user’s login credentials with its database of breached usernames and passwords and alerts them if it finds that the credentials were ever included in a data leak. In case the credentials match, the extension triggers an automatic warning and suggests that the user changes their password.
Google also announced new encryption called Adiantum, which is aimed at less powerful devices like entry-level smartphones and other smart devices like TVs and smartwatches. The new method is said to be designed such that there is no need to use specialised hardware for efficient encryption of locally stored data.
Popular Mobile PhonesView All
Hot DealsView All
Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.
We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.