Notices



ALAC bug left millions of Android devices vulnerable to takeover

AVN News Feed

Post New ThreadReply
 
Thread Tools
  #1  
Old 04-22-2022, 08:45 AM
phillynewsnow's Avatar
phillynewsnow phillynewsnow is offline   Thread Starter  
Site Moderator - Staff

 
Join Date: October 11th, 2009
Posts: 4,640
Thanks: 0
Thanked 668 Times in 568 Posts
Downloads: 0
Uploads: 0


View phillynewsnow's Profile   Edit Options Edit Profile Picture View phillynewsnow's Photo Album Add phillynewsnow's to Your Contacts Show Groups Edit Avatar Subscribed Threads Private Messages
Rss Feed ALAC bug left millions of Android devices vulnerable to takeover

ALAC bug left millions of Android devices vulnerable to takeover





  • A major vulnerability impacted the vast majority of 2021 Android phones.
  • The issue is caused by compromised ALAC audio code.
  • The vulnerable code was included in Mediatek and Qualcomm audio decoders.



A bug in the Apple Lossless Audio Codec (ALAC) impacts two-thirds of Android devices sold in 2021, leaving unpatched devices vulnerable to takeover.

ALAC is an audio format developed by Apple for use in iTunes in 2004, providing lossless data compression. After Apple open-sourced the format in 2011, companies worldwide adopted it. Unfortunately, as Check Point Research points out, while Apple has updated its own version of ALAC over the years, the open source version was not updated with security fixes since it was made available in 2011. As a result, an unpatched vulnerability was included in chipsets made by Qualcomm and Mediatek.


According to Check Point Research, both Mediatek and Qualcomm included the compromised ALAC code in their chips’ audio decoders. Because of this, hackers could use a malformed audio file to achieve a remote code execution attack (RCE). RCE is considered the most dangerous kind of exploit since it does not require physical access to a device and can be executed remotely.

Using the malformed audio file, hackers could execute malicious code, gain control of a user’s media files, and access the camera’s streaming functionality. The vulnerability could even be used to give an Android app additional privileges, providing the hacker access to the user’s conversations.

Given Mediatek and Qualcomm’s position in the mobile chip market, Check Point Research believes the vulnerability impacts two-thirds of all Android phones sold in 2021. Fortunately, both companies issued patches in December of that year, which were sent downstream to device manufacturers.






More...
Reply With Quote
Post New ThreadReply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to download Android 13 for Google Pixel and other Android devices phillynewsnow AVN News Feed 1 01-27-2024 02:59 PM
How to install Android 13 on Google Pixel and other Android devices phillynewsnow AVN News Feed 1 01-27-2024 02:59 PM
How to download Android 13 for Google Pixel and other Android devices phillynewsnow AVN News Feed 0 10-29-2022 03:30 AM
How to install Android 13 on Google Pixel and other Android devices phillynewsnow AVN News Feed 0 10-28-2022 07:35 AM
Android 13 adds a new ?low power standby? mode for Android TV devices phillynewsnow AVN News Feed 0 04-16-2022 07:32 AM


All times are GMT -5. The time now is 02:30 AM.

Layout Options | Width: Fixed
Contact Us - SPJ Bulletin - Archive - Privacy Statement - Terms of Service - Top