<\/p>\n
\nOwn an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone.\n<\/p>\n
\nAlong with the dangerous <\/p>\n
Quadrooter vulnerabilities<\/a><\/p>\n that affected 900 Million devices and other previously disclosed issues, Google has <\/p>\n patched<\/a><\/p>\n a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent looking image via social media or chat apps.\n<\/p>\n \nIn fact, there is no need for a victim to click on the malicious photo because as soon as the image\u2019s data was parsed by the phone, it would quietly allow a remote attacker to take control over the device or simply crash it.\n<\/p>\n \nThe vulnerability is similar to last year’s <\/p>\n Stagefright bug<\/a><\/p>\n (<\/p>\n exploit code<\/a><\/p>\n ) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it.\n<\/p>\n \nThe Stagefright flaw affected more than <\/p>\n 950 Million Android devices<\/a><\/p>\n and resided in the core Android component Stagefright \u2014 a multimedia playback library used by Android to process, record and play multimedia files.\n<\/p>\n \nHowever, the recent vulnerability (<\/p>\n CVE-2016-3862<\/a><\/p>\n ) resided in the way images used by certain Android applications parsed the Exif data in an image, SentinelOne’s <\/p>\n Tim Strazzere<\/b><\/p>\n , the researcher who uncovered the vulnerability, told <\/p>\n Forbes<\/a><\/p>\n .\n<\/p>\n \nAny app using Android’s Java object ExifInterface code is likely vulnerable to the issue.<\/p>\n \nMaking a victim open the image file within an affected app like Gchat or Gmail, a hacker could either cause a victim’s phone to crash or remotely execute malicious code to inject malware on the phone and take control of it without victim\u2019s knowledge.\n<\/p>\n \n“Since the bug is triggered without much user interaction \u2013 an application only needs to load an image a specific way \u2013 triggering the bug is as simple as receiving a message or email from someone,” Strazzere said. “Once that application attempts to parse the image (which was done automatically), the crash is triggered.”<\/p><\/blockquote>\n \nAccording to Strazzere, attackers could develop a simple exploit inside an image to target a large number of vulnerable Android devices.\n<\/p>\n \nStrazzere crafted exploits for the affected devices and found that it worked on Gchat, Gmail and most other messenger and social media apps, though he did not disclose the names of the other non-Google apps affected by the flaw.<\/p>\n \nAll versions of Google’s operating system from Android 4.4.4 to 6.0.1 are vulnerable to the image-based hack, except today’s update that fixed the vulnerability.\n<\/p>\n \nThe researcher even successfully tested his exploits on a handful of phones running Android 4.2 and Amazon devices and found that the devices remain unpatched, leaving a large number of users of older Android devices exposed.\n<\/p>\n \nSo, if you are not running an updated version of operating system and\/or device, you probably are vulnerable to the image-based attack.\n<\/p>\n \nGoogle has <\/p>\n\nAn Image Received…? Your Game is Over<\/h3>\n
\nWhen will I expect a Fix?<\/h3>\n