Time to say goodbye to your boorus and 4channels on your Android phone unless you use a first party Google phone
source.android.com/security/bulletin/2019-02-01 >The most severe vulnerability in this section could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process
It's not difficult to imagine that once it's reverse engineered such pictures will swarm Jow Forums and Android users viewing them would get their data stolen. And it will take some time for some vendors to patch their builds
Not all devices. Especially 14.1 ones. January bulletin is still not merged. That says something.
Dominic Green
galaxy s3 has unofficial 9.0 build with latest patches. that's a 7 year old phone
Chase Cooper
why would they care? it's a shill general.
Xavier Parker
A PNG file is a resource. Resources need to be loaded by an application.
Caleb Lewis
Made by some pajeet developer. Fuck that shit.
Josiah Evans
How the fuck can a PNG file "execute code"? What are they even talking about?
Anthony James
Oh and good luck getting patches for proprietary components like firmware and other blobs faggot. 7 year old phone, still vulnerable.
Jace Wilson
thank you, I thought I was going insane
Juan Davis
>Resources need to be loaded by an application. if png file is opened using the android framework it will execute encoded code in the context of said application
Cooper Flores
does this mean i can root my phone without resetting it?
Charles Peterson
vulnerability only works in the context of host application malicious code can't get elevated above permissions that are given to the application so it's impossible but still most popular apps have a wide range of permissions that are already given to them so viewing such file could potentially fuck up your system pretty good, you could lose your SD/USB files or get them uploaded into the interwebz
Leo Brooks
Androiddlers btfo? >how the fuck do you hide malicious code inside a png?
Parker Bailey
header parsing, most probably gonna be a fun week
Cameron Cooper
>hide malicious code inside a png? Converting code to an image doesn't mean the code can be executed, for fucks sake. It's an image. It shouldn't be executable.
Parker Collins
>yet another false flag put in place by jewggle to boost its dead image format (along with their own exploits for it so they can spy even more than they already do) fucking pathetic
Austin Myers
tfw I'm on android 6 feels good
Jack Allen
>using anything above Marshmlalow
Connor Ramirez
Same. Was actually thinking about updating recently.
Noah Powell
>tfw Android 4.4 masterrace
Oliver Collins
is it android specific or some libpng thing?
Henry Collins
>Tfw still running android 4
Carter Cox
>a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process Damn, how am I going to view pictures from root apps now.
Cooper Collins
You sound like my dad when he downloaded an image.png.exe
Adam Martin
I'm on Android 4 so suck my nuts
Angel Perez
>assuming the platform and service mitigations are turned off for development purposes
Its fucking nothing.
Ethan Sanchez
Isn't your browser an application?
Gabriel Brooks
>.png extension >executable by default No. Your OS will consider it an image and won't execute it even if it is an actual executable. If your shitty gallery app does something else then it is to blame.
Nathan Fisher
Why even question? Shitania, come here you dumb cunt!
Justin Parker
There have been RCE vulnerabilities patched in nearly every monthly update but ok
This reminds me of the "clock.gif" which was popular on dumbphones. It basically rebooted your phone after the animation was complete (pocket watch got closed). Though I assume this is much more severe.
