web analytics
Home » Technology » Apple Lossless Audio makes Android remotely vulnerable

Apple Lossless Audio makes Android remotely vulnerable

Security experts have discovered a critical vulnerability in Android smartphones with Qualcomm and MediaTek chipsets. Unauthorized users can exploit a bug in the implementation of Apple’s Lossless Audio Codec to remotely execute arbitrary code.

A new one warns about this now Check Point Research Report (through bleeding computer For example, the security researchers discovered the vulnerability in the chips of Qualcomm and MediaTek, two of the largest manufacturers of smartphone chips in the world. The devices are then vulnerable to remote code execution due to the flaw in the implementation of the Apple Lossless Audio Codec (ALAC). ALAC is a lossless audio compression audio format that Apple began using open source in 2011.

Apple Patches Diligently, Third-Party Don’t

Since then, Apple has regularly released updates to the format, including security fixes. However, according to Check Point Research, these updates are not used by all third-party providers that use the codec.

So now you have the situation that a large number of chipsets may still have the vulnerability. According to the security analysis, the vulnerability could be used remotely by the attacker to access the media stored on the device. Check Point is releasing details as MediaTek and Qualcomm vulnerabilities have been patched (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351.” MediaTek and Qualcomm have compromised the privacy of millions of Android users Check Point criticized.

The researchers plan to publish details of the vulnerability at the CanSecWest security conference next month. From the details available so far, it appears that an attacker could be able to remotely code on a target device. by playing a maliciously crafted audio file is sent and tricking the user into opening it. The researchers call this attack “ALHACK”. It enables the smuggling of Trojans, as well as data theft.