Opening Malicious File Grants Access to Android Devices
A critical vulnerability exists in the Android operating system’s framework that could allow a threat actor to send a malicious PNG image file to an Android device and execute arbitrary code if opened. This is just another example of the steganography technique used to bury malicious code in digital images. Android versions 7.0 and 9.0 are impacted and patches have been released. The NJCCIC recommends patching systems as updates become available. More details on the Android vulnerability and updates can be found in their security bulletin and ZDNet’s blog post.