Google Releases Fixes For Many Severe Issues Including One That Phishes With An Image
By: Jim Stickley and Tina Davis
March 12, 2019
Google was busy prior to its February patch release. It fixed a total of 42 flaws related to the Android operating system, including 11 critical ones and 30 that were rated as high severity. Notably, included in this batch was a critical flaw that could potentially allow an attacker to execute code on your mobile device. Of course how it may get onto your smartphone is via phishing.
Remember never to click links or attachments in email, text, or from any other way unless you are 100% certain it’s OK to do so. Most definitely consider whether or not you should if it came unexpectedly, from someone unknown to you, or if there is any doubt what so ever of its safety. If you want to click it, place a quick phone call to the sender using a number you already know or look up on the website. In other words, don’t reply to email or use information found in those messages to verify these. The hackers are witty enough to plant their own information and if you use it, you’ll just be calling them. And of course, they will verify that you should click.
The recent set of patches addresses flaws in millions of Android devices from 7.0 Nougat to 9.0 Pie, which is the latest version. Some users may already have an update for these issues, but each carrier has to release them separately. Therefore, as soon as you see there is an update available, take a moment to apply it.
The most severe of the critical issues could allow a remote attacker to execute arbitrary code on an affected device using a phishing email and a specially crafted .PNG file.
Fortunately, there is no evidence this has been exploited, but don’t delay in updating your devices anyway.