I'M GONNA POST IT

I'M GONNA POST IT

Attached: vulnerability.png (1804x970, 308K)

And?

>Android

And nothing of value was lost.

>png

Attached: click.jpg (480x476, 20K)

>phoneposting

>png


Fuuuuuuuuuuuuuuuuk

FFFFFFFFUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCCCCCKKKKKKKKK
WHAT DID YOU DO NIGGA
ARE YOU IN MY PHONE NOW?
ARE YOU IN MY ACCOUNTS?
FUUUUUUUUUUUUUUUUUUUUUUCK UUUUUUUUUUUUUUUUUUU

Lmao get a load of this guy.

Just harden your phone, you aren't all brainlets right?

>"a specifically crafted PNG file"
>picture is a png
Fuck.

THESE NEWS ARTICLES AREN'T CLEAR
DO I HAVE TO 'OPEN' THE IMAGE (I.E. THE FILE IS DOWNLOADED AND THEN I OPEN IT IN MY DEFAULT IMAGE VIEWING APP?
OR COULD IT DO DAMAGE SIMPLY BY BEING SEEN IN THE BROWSER (CHROME)?

HAAAAAAAAAAAAAAAALP!!!!!!!!!!!!!!
FUCK YOU OP FUCK UUUUUUUUUUUUUUUUUUUUUUUUUUU

>b02.png
It's all over

THIS IS LIKE THAT BIRD BOX NETFLIX SHIT

IF YOU SEE IT, YOU'RE DEAD

Attached: Netflix_Bird_Box_Watching-e1546522488564[1].jpg (1000x749, 55K)

>tfw lineageOS
Yeah whatever kid

dont open this
or say goodbye to your phone

Attached: 1510234403240.png (555x555, 508K)

Am I the only one waiting for a root method without unlocking the bootloader with this?

Exactly this. There's a reason you don't buy locked down phones.

I'm patched. only outdated faggots have to worry.

Fug

>Finally got my chinkphone wrestled sufficiently to install a new lineage ROM
>Check the patch level
>January something, 2019
>Install an update today
>February 5, 2019
Am I safe now? Was my sacrifice of my 4G service enough to please the smartphone gods and bless me with safety. Also it's slick how Linage has quasi-OTA update by downloading the thing, executing some magick, and then launching TWRP with the correct parameters to start flashing my shit without me needing to do much.

Attached: 1546934025753.jpg (1536x2048, 446K)

>he doesn't fuzz his parser
deserved, poo shit

Browsers have at least some competency in this direction. Chromium and Google in general fuzz all their projects, lead in testing methodologies and use well tested media codecs. Plus they have some content sandboxing (not Firefox kek).

So if I simply clicked on/expanded it on mobile Jow Forums in up-to-date Chrome on Android (in incognito as well), I should be ok?

I downloaded and scanned OP's image just in case, uploaded it to VirusTotal. All clear. But I don't know what that's worth...

Shit, maybe I should just stay away from Jow Forums. Maybe OP here was joking, but someone in this cesspool is bound to try something sooner or later...

Attached: 1519694768745.jpg (267x181, 11K)

Attached: inject.png (256x256, 821)

STAHP IT

Attached: 1542705779141.gif (475x347, 574K)

You've already viewed the image, it's too late user
The best part is that you don't even know what it did.

What's supposed to happen?

I'm on lineage nightly though

Well that would ruin the surprise, wouldn't it?

>our system thinks your post is spam
REEEEEEEEE

Attached: apanizing-beam-top-snek-top-of-the-snek-chain-36242764.png (500x1406, 278K)

so that's how you deal with phoneposters :^)

>patch didn't roll out for my phone
Well, time to get a new phone?

Attached: Screenshot_20190212-154254.png (1080x1920, 82K)

Fug i opened it

Am i fug

ur fug

>removes png loading
Yep, that'll do'er

check my 5

Interesting. How do I check what code is in this png?

Honest question, how on earth do you even write a program that can execute arbitrary code from a png file of all things. You need to try to do that.

open it with notepad lol

XD

Why does Jow Forums ban images with too low a byte/pixel ratio? Shouldnt it be the other way around?

Tried uploading a 256 byte png test image to scare people. And it rejects them all as spam.

modern computer architectures mix data and code. You just accidentally jump to a place in memory that contains user data and it will blindly execute it.

>within the context of a privileged process

So like, something with root access? So clover is fine cause I didn't root my phone?

No. It means "runs as root" or "is treated as a process with root permissions", so it's bypassing root restrictions. You don't need to be rooted or use a system app, that's the whole point.

Yikes

But Clover doesn't run as a privileged process.

It doesn't have to. Besides, it uses system webview to render shit even if it needed to. This png shit is also a chromium bug and webview=chrome.

disgusting phoneposters

Attached: 1549142659532.png (970x752, 570K)

>we have had no reports

/thread

is this another one of those "kernel devs go sicko mode and do decoding in the kernel for a 5% speedup"?

Attached: 1512753285877.jpg (201x216, 20K)

>chrome
You deserve every bit of the pozzed aids cancer you're getting.

Meanwhile on Ubuntu Touch

Attached: 0530639487207.gif (204x255, 1.8M)

No they don't. That's not even a thing they do. The operating system does when it loads an executable image. It checks the file headers, sees what maps to where, and what flags are enabled for it - for example, a program will have a text (code) segment with the "execute" flag only, a data (initialized data/constants) segment that is read only, and a bss (unitialized data/variables) segment that is either read+write or execute+read+write or a combination of the three.

>phoneposters

test
might segfault

Attached: 1401475223077.png (1076x1105, 3.02M)

you can accidentally write data into executable code areas though. Thats the whole point

>what is W^X

Can we root like that?

AAAH DON'T OPEN THIS IT MAKES TOMATO JUICE

based

Only if the memory segment with the code section has the write flag enabled. Otherwise any attempts to read or write to a executable flagged only part of memory will result in a fault.

Clover does not have this problem.

Attached: PNG.png (257x303, 19K)

No, it's "not invented here syndrome, must reinvent png decoding and make another library because fuck the libpng and the zlib license". They might have had no choice because it has to be used within Java libraries of Android but fuck if Google's engineering around Android is still not fixed and largely atrocious.

Finally, a solution to the problem of phoneposters.

>finally
You ought to get out of your cave, oji-san.

Attached: png_file.gif (84x84, 5K)

I opened and downloaded it, nothing happened. I haven't got an update for 2 months.

Attached: Screenshot_20190213-134233.jpg (1080x1920, 74K)

Oh no, scary png is scary.

Attached: Screenshot_20190213-034539.png (1440x2560, 71K)

>yfw it's already been posted
android users btfo

Good. All phoneposters must fucking hang.

test

Attached: grad-02.png (100x100, 839)

this plays just fine desu-fampai

Attached: Screenshot_20190213-074015.png (1080x1920, 163K)

>Maintainer: Rajeesh
>Bugs: you tell me sir

*Sirs