Android και εταιρείες κατασκευής συσκευών: Αν έχετε ένα smartphone Pixel της Google, το τηλέφωνό σας είναι ασφαλές από ένα κενό ασφαλείας που θα μπορούσε να αφήσει ένα archive PNG to completely destroy your system. Now if your device is any other running Android then your phone is vulnerable.
This of course is a problem for Android.
Google has recently released a security update for Pixel devices, which closes a blank space that allowed malicious PNG files to "run arbitrary code with administrator privileges."
In other words, malicious code can run with very high privileges while all you do is open a png file.
This means that any PNG that comes to your device, (in an email, in a messaging app or even via MMS) could potentially hack the system and steal sensitive data, on any non-Pixel phone.
The phones from Samsung, LG, OnePlus and many other manufacturers are still at risk from the vulnerability.
The problem is not new. This is something that we have known for a long time, and continues to worry all its users Google software. As long as new vulnerabilities appear, late security updates will always be a very serious problem.
The "fragmentation" of Android has long been a very problem especially for operating system updates. Of course we are not talking about updates that add new features, but updates to the code that protect your personal data. Whether they are minor or not, these updates should not be ignored by any manufacturer.
Security updates are not as huge as new feature updates. They are released every month by Google, so they are much smaller and easier to install on the system - even for third parties. So while we hear excuses for not installing, it seems to be purely a matter of manufacturers' priorities.
New vulnerabilities will exist constantly, and no one wants to risk his data. However, no one requires the device manufacturer, immediate updates, as soon as they are available from Google.
The PNG vulnerability is just one example. Every month such are discovered security gaps and most manufacturers release updates months later. So your data remains exposed for much longer.
Here does not seem to be an easy answer for how you can fix things. Perhaps because it does not exist.
Until the manufacturers begin to take your safety and your data more seriously, there is only one answer: buy a different device. Apple and Google have shown that they are interested in user data, so iPhone and Pixel seem to be great choices for those who want and need more security.
It may sound a cliché but it is time to vote with your wallet. Do not buy devices from manufacturers who are not interested in your data. It is the only way to understand the seriousness of the matter.