Android phones are used by millions of people, and security researchers have discovered that millions of those phones are vulnerable to a serious attack.
The attack allows code to be executed remotely on the device, due to flaws in an audio codec that Apple released years ago.
It has not been corrected since.
Researchers at Check Point have found a bug in the Apple Lossless Audio Codec (ALAC).
It is an audio compression technology launched by Apple in 2011, following which ALAC was included in Android devices and audio drivers, according to ZNet.
The program has not been updated since 2011.
The problem, as the Check Point researchers note, is that while Apple has patched and updated its own version of ALAC, the open source code of ALAC has not been updated since 2011.
That open source code is what Android uses, and it contains a serious flaw that allows remote code execution.
A remote attacker might exploit this flaw by sending a corrupted audio file to the target.
This allows malware to be executed on the target Android device.
The researchers said the flaw might lead to remote access to the victim's private data, such as media and voice chats.
The severity of the Android bug
Cybersecurity companies have given this major flaw a critical rating of 9.8 out of 10.
It affects millions of devices running Android 8.1, 9.0, 10.0 and 11.0.
The number of vulnerable Android devices depends on how many people have installed software updates and how many are still running devices in which the defects have not been repaired.
Cybersecurity firm Check Point estimates that two-thirds of smartphones sold in 2021 are vulnerable to this flaw.
These bugs affect Android devices with MediaTek and Qualcomm chipsets.
But the good news is that the bug has been fixed in the December security update.
However, it is still up to each Android phone manufacturer to address this flaw.