Skip to Main Content

Patch your Android now against critical .PNG image bug

The flaw could potentially be exploited by malicious hackers.


Android users are being reminded to be careful about the files they open on their smartphones, after the discovery that harmless-looking image files could be harbouring malicious code.

In its Android Security Update for February, Google has detailed three critical security vulnerabilities in the way the Android operating system handles .PNG (Portable Network Graphic) files.

According to the advisory, a maliciously-crafted PNG image file could execute code on vulnerable Android devices, potentially hacking phones and granting access by a remote attacker.

The newly-discovered flaws affect millions of devices running versions of the Android operating system from Android 7.0 Nougat to the latest Android 9.0 Pie, and an attack could be activated by tricking a user into viewing a boobytrapped PNG image sent via email or a messaging app.

The silver lining is that to date Google has not seen any evidence that the flaw is being exploited in real-world attacks. But that, of course, may only be a matter of time. 

Top Tips:   

If you have Android 7.0 Nougat to 9.0 Pie, ensure you are cautious when opening files on your device until an Android software update has been released.