>Opening a maliciously crafted PNG image file could allow hackers to remotely execute arbitrary code as a privileged process on Android versions 7.0 to 9.0.
>In Google's Android security update for February, the tech giant's advisory noted a critical vulnerability which exists in the Android operating system's framework.
>All it takes to trigger the bug is for attackers to send a crafted, malicious Portable Network Graphic (.PNG) file to a victim's device. Should the user open the file, the exploit is triggered.
>Remote attackers are then able to execute arbitrary code in the context of a privileged process, according to Google.
did you read the article? this bug was patched in the latest update to AOSP.
Noah Adams
Android 9.0 with a carrier/manufacturer bloatware IS the latest update in the Android world.
Anthony Moore
>this bug was patched in the latest update to AOSP. Which very few Android users have or will ever get on their phone. Enjoy having your mom's phone get rekt and your contact info sold on the dark web.
Isaac Morris
>the manufacturer makes an outdated build. its still outdated.
>version 7.0 to 9.0 jokes on them my android is too outdated to be vulnerable to this
Nathan Taylor
based
Chase Thomas
Android is made up of two branches: the "Android" version, which really refers to the userspace, and the security patch level, which can be updated standalone from the rest of the OS. I'm on Android 8.1 and still have this month's patches. Try arguing harder
Hudson Martin
LineageOS doesn't have this problem.
Zachary Morgan
Yeah, everywhere else users don't update despite being able to.
>YOU CAN CONTROL A PERSON'S ANDROID PHONE IF THEY OPEN A PNG Whereas an iPhone you only need to send a message to.
Juan Moore
Wouldn't this be the perfect rooting solution for older Android phones, literally only looking at an image to get Magisk. Also the a great way to get rid of phoneposters. >loads the catalog >one bad image >Gentoo gets forcibly installed as the new operating system Nothing personal kid
No. this is code execution not privileged escalation.
William Lee
> CVE ID Not Found > CVE ID Not Found > CVE ID Not Found > ZDNET top kek
> In January, researchers revealed the existence of a new malvertising group called VeryMal. The scammers specifically target Apple users and bury malicious code in digital images using steganography techniques to redirect users from legitimate websites to malicious domains controlled by the attackers.
android by a long shot, even more secure if you're able to get root access, so you have FULL control over what data comes and goes from your phone.
Wyatt Richardson
Android, but you must install LineageOS without GApps. Don't root the LineageOS install if you want even more security.
William Evans
>Android is the only OS where most users have an outdated, never to be updated device >most users >he doesn't know Android OS updates by itself from the manufacturers >still mad Android OS is the #1 mobile OS on the planet >seething about how his toy iOS is ultimate computing meme AHahahahahahahaHAHaha . S E E T H I N G
Tyler Hernandez
Thats why Windows 10 updates itself
Josiah Watson
Based but Nougat bros will have this problem until next month
HA, good thing they stopped updating my phone at version 6!
Benjamin Thomas
Couldn't you crash an iPhone by sending one letter to someone?
Henry Mitchell
>Download any pngs on your outdated Lagdroid phone, Jow Forums? of course I do, the problem affects versions 7 to 9. My Android 6 phone isn't affected.
Matthew Johnson
You weren't supposed to point that out...
Nathan Ward
>installing rajeesh's custom rom for security patches >bugs: you tell me sir
Why the fuck does android still delete every single file downloaded through a browser when you delete a browser? Who the fuck is in charge of this OS? This has been an issue for years.
Isaac Morales
So can't use iPhone since they're overpriced botnets, can't use android because it has slow apps and a vulnerability, so I guess just don't use smartphones?
William Hughes
maybe if your maintainer is too stupid to qualify for official LineageOS daily builds
Noah Cruz
settings. notifications. blocked the fact that it exist at all is indeed retarded
>Download any pngs on your outdated Lagdroid phone, Jow Forums? No.
Brandon Thomas
Please remember that security updates are separate from version updates. Patches for exploits like this can come through security updates to old devices that aren't receiving version updates. Just looking at the Android version isn't indicative of what security patches the device has.
Ayden Powell
Because crashing is worse than giving somebody control of your phone, right?
Hunter Reed
Librem 5.
Easton Butler
yikes
Aaron Hernandez
Drink bleach and shoot yourself in the mouth, you fucking failed abortion.
Zachary Martin
>you're promoted for loonageos™ official rajeesh if your build boots
>Samsung Galaxy S3 is at a patch level from mid-2017 because it's the d2att is longer officially supported >Building Android from scratch is hell and I'm not sure it'd matter this second because >New phones run for over 500 smackaroos these days >Chinkphones don't support American networks Part of me wishes a nigga would but the rest of me wants to die.
>android is not Linux for security issues only for user share Oh, I didn't realize you were all hypocrites.
John Garcia
The article >Android can be hacked with a PNG What this actually means >Android can be rooted with a PNG
Nathan Ward
What is actually does >Confirms Android is a botnet
Blake Peterson
so?
Ian Nguyen
which image viewer/library is affected?
Isaiah Richardson
rooting just got a whole lot simpler
Jeremiah Ward
ALL
Gavin Campbell
>Linux is insecure malware infested botnet. lel
Aaron Cruz
>just, like, don't be poor Are you the same guy who spams recommendations for approaching $1000 cell phones in every cell phone thread? How much do they pay you per post?