Sunday, February 9, 2025
HomeNewsTechMillions on Android Devices Exposed by Unpatched Apple Lossless Codec Defect: Scientist

Millions on Android Devices Exposed by Unpatched Apple Lossless Codec Defect: Scientist

Millions on Android Gadgets Exposed by Unpatched Apple Lossless Codec Flaw: Scientist

Security flaws in an audio codec have been discovered by security scientists, putting countless Android phones and other Android gadgets powered by chipsets from MediaTek and Qualcomm at risk of being jeopardized by hackers. Coming from an codec developed by Apple numerous years earlier, the vulnerabilities were left unpatched because the business open-sourced the codec 11 years back, for inclusion on non-Apple devices. By leveraging the security flaws, an assailant might from another location get access to an Android phone’s media and audio conversations, according to the researchers.According to a report by scientists at Examine Point Research study, a flaw in the Apple Lossless Audio Codec(ALAC)from Apple allows an enemy to carry out a remote code execution(RCE)attack on a target mobile phone, after sending out a malformed audio file. An RCE attack can enable the opponent to acquire control of multimedia on the handset, consisting of streaming video from the cameras, accessing media and user conversations.The security defects were found in Apple’s ALAC codec, which was open-sourced by the business in 2011– enabling non-Apple gadgets to stream music in ‘lossless’quality utilizing Apple’s formerly proprietary codec. Nevertheless, while Apple covered the exclusive variation of the ALAC codec, the open-source variation stayed unpatched, according to the researchers.As a result, Qualcomm and MediaTek, chipset producers who ported the vulnerable ALAC codec to their audio decoders, leading to over two thirds of all mobile phones offered in 2021 being vulnerable to the security flaws, dubbed”ALHACK”, according to the scientists. The vulnerabilities were properly disclosed to Qualcomm and MediaTek, who both acknowledged the problems and designated Typical Vulnerabilities and Exposures(CVE)for the defects. MediaTek assigned CVE-2021-0674 and CVE-2021-0675(with’Medium’and ‘High’scores, respectively), while Qualcomm appointed CVE-2021-30351 (with a’Crucial’score of 9.8 out of 10)for the ALAC flaws, prior to patching them.According to the scientists, both business have actually provided spots for the defects consisted of in the December 2021 Android security publication, which indicates that users with smart devices that got the December security patches need to be safe from the vulnerabilities. However, this leaves out millions of users running out-of-date software , or users who receive erratic security updates– putting them at danger of being compromised by attackers.Published at Fri, 22 Apr 2022 14:22:43 +0000

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Recent Comments

chiffon dress design in pakistan on Realme 6 Pro Review | NDTV Gadgets 360
You searched for on Realme X50 Pro 5G Review
Telefoane Mobile Ieftine si Accesorii on Oppo Enco Free True Wireless Earphones Review