Critical security flaws put millions of Android users’ privacy at risk

Security firm Check Point has announced that it discovered a security vulnerability in millions of Android devices powered by Qualcomm and MediaTek chipsets.

The firm found the bug residing in an open-source version of the Apple Lossless Audio Codec (ALAC).

Apple introduced ALAC in 2004 to allow lossless audio compression via iTunes and released it as open-source software in 2011.

Apple continued development on the proprietary version of its codec, including security updates, but it had not implemented these patches in the open-source version since 2011.

Qualcomm listed the vulnerability as CVE-2021-30351, while MediaTek tracked it as CVE-2021-0674 and CVE-2021-0675.

These vulnerabilities could allow attackers to launch remote code execution attacks (RCE) on affected devices.

“RCE attacks allow an attacker to remotely execute malicious code on a computer,” said Check Point.

“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.”

The security company also stated attackers could use these vulnerabilities to gain access to audio conversations by escalating an app’s privileges.

Check Point’s report stated that Qualcomm and MediaTek implemented the necessary security fixes in December 2021.

Additionally, it stated that approximately 66% of all smartphones sold in 2021 were vulnerable to attack if left unpatched.

If the security patch level in your device’s operating system shows a date of December 2021, your device is no longer vulnerable. Anything older than this will require an update as soon as possible.

Now read: Samsung vs Huawei — The Android king of South Africa

Latest news

Partner Content

Show comments


Share this article
Critical security flaws put millions of Android users’ privacy at risk