Cybersecurity experts have warned that millions of Android phones are exposed to a vulnerability that allows remote code execution on the phone, due to flaws in an audio codec that Apple released years ago and that has not been patched since then.
According to the Egyptian newspaper Al-Watan, researchers at Check Point found a bug in the Apple Lossless Audio Codec (ALAC), an audio compression technology launched by Apple in 2011, after which ALAC was included in Android devices and audio drivers.
The problem, as the Check Point researchers note, is that while Apple has patched and updated its own version of ALAC, the open-source ALAC code used in Android has not been updated since 2011, and it contains a critical flaw that allows remote code execution.
A remote attacker could exploit the flaw by sending a malformed audio file to the target, allowing malware to be executed on the target Android device. The researchers said the flaw could give an attacker remote access to the victim's data, such as media and voice chats.
Cybersecurity companies have rated this major flaw critical, at 9.8 out of 10. It affects millions of devices running Android 8.1, 9.0, 10.0 and 11.0.
The number of vulnerable Android devices depends on how many users are running software that has not been updated to fix the flaw. Cybersecurity firm Check Point estimates that two-thirds of smartphones sold in 2021 are vulnerable.
These bugs affect Android devices with MediaTek and Qualcomm chipsets. The good news is that the bug has been fixed in the December security update, but it is still up to each Android phone manufacturer to follow through on fixing this defect.