- Smartphones running on Android Nougat, Oreo and Pie have a critical vulnerability.
- The vulnerability enables hackers to gain access to smartphones by playing corrupted videos on Android phones.
- Google has already released a patch to fix this vulnerability in the July update of its Android operating system.
Do you own an Android smartphone? If yes, then you should be careful while downloading or watching videos from unknown sources online. This is because a vulnerability affecting millions of Android phones could allow hackers to remotely execute malicious code on your smartphones, potentially giving them the control of your smartphone.
According to a report by hacker news, a critical remote code execution vulnerability (CVE-2019-2107) affecting over one billion smartphones running on smartphones running on versions of Android operating system between Android 7.0 Nougat and Android 9.0 Pie could allow a hacker to execute an arbitrary code on a device remotely. The vulnerability in question resides in the Android media framework and it can even allow malicious hackers to gain complete control of your smartphone.
To put it simply, playing a video received in an email from an unknown contact or playing a video from a suspicious website could allow hackers to gain access to your smartphone by utilising a key vulnerability on your smartphone.
Now, Google has already fixed his vulnerability along with dozens of other vulnerability in the July update of its Andrdoid operating system. This means that if you own a Pixel smartphone your device is safe from such hacks. However, if you own an Android smartphone by another smartphone maker, chances are that you haven’t received the Android update to fix this critical vulnerability yet. This is because the Android security patches after being rollout out by Google are customised as per the respective platforms by the individual device makers.
So, the best way to safeguard your smartphone from such a hack is being wary of the places where you play video on and looking out for the latest Android security patch, which would effectively fix this flaw.
But there is a catch. The publication notes that the attack won’t work if the corrupted video is recieved via social media platforms like Twitter, WhatsApp or Messenger as these services usually compress and encrypt the media files before sending.
Meanwhile, the July security update for Android, which was released earlier this month brough interesting new functionality to Pixel smartphones. In addition to bringing improvements to the OK Google detection feature and music detection feature of the Pixel smartphones, the July update also fixed an issue which lead to some devices getting stuck while booting.