Android users need to be highly cautious as menial tasks such as viewing a png file can compromise their smartphone.
A hacker can get access to a user’s smartphone by tricking them to download a png file sent to them or displayed within an application they are using. Google has patched 42 security vulnerabilities including the three critical vulnerabilities (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) that can lead to compromises in their recent February Security Updates.
https://source.android.com/security/bulletin/2019-02-01.html
Even though Google claims none of these vulnerabilities has been exploited, it is still highly recommended to download these security patches to avoid possible issues.
Source: The Hacker News