A look at an Android ITW DNG exploit
Summary
Google Project Zero analyzed in-the-wild DNG image exploits targeting the Quram library on Samsung Android devices. These exploits, discovered between July 2024 and February 2025, were used to deliver spyware and were fixed in April 2025. The analysis details the technical aspects of these "one-shot" image-based exploits.
IFF Assessment
The article describes actively exploited vulnerabilities, which presents a risk to Android device users.
Severity
Defender Context
This analysis highlights the ongoing threat of image-based exploits on Android, even though the specific vulnerability is patched. Defenders should monitor for unusual image file activity, especially related to DNG files, and ensure devices are promptly updated with security patches. The rise of "one-shot" exploits emphasizes the need for proactive threat hunting and robust mobile threat detection capabilities.