Researchers at security firm Check Point have discovered a high-severity vulnerability that could allow attackers to take control of millions of Android devices. This vulnerability is an out-of-bounds vulnerability and exists in the ALAC—Apple Lossless Audio Codec—codec. ALAC is an audio format introduced by Apple in 2004 to provide lossless audio. Apple has been updating its own private version for years to fix security flaws, while Qualcomm and MediaTek use an open-source version that hasn’t been updated since 2011. The vast majority of Android devices use mobile chipsets from Qualcomm or MediaTek. Hackers can use this vulnerability to force the decoder to execute malicious code. The researchers estimate that two-thirds of smartphones sold in 2021 will have the vulnerability. Qualcomm and MediaTek released patches last year, and if the latest patch for Android devices is after December 2021, the vulnerability has already been fixed.
This article is reprinted from: https://www.solidot.org/story?sid=71331
This site is for inclusion only, and the copyright belongs to the original author.