PARIS, April 22 (Benin News / EP) –
Qualcomm y MediaTek used vulnerable audio decoders that jeopardized the privacy of two-thirds of device users Android in the whole world.
The researchers of the Check Point Researcha company specializing in providing cyber threat intelligence, discovered vulnerabilities in Apple’s lossless audio codec, ALAC) that endanger the vast majority of the Android community, according to their statement.
ALAC is an audio encoding format developed by Apple and released in 2004. It is used to compress music data into digital format. In late 2011, the Cupertino company made the codec open source and it began to be integrated into many playback devices and software, such as Android mobile phones and Android media players and converters. Linux y Windows.
Since 2011, Apple has updated the proprietary version of the set-top box several times, patching and fixing security issues, but the shared code had not been patched since 2011.
The researchers found that Qualcomm and MediaTek, the world’s two largest chipmakers, used the vulnerable ALAC code in their audio decoders. This weakness may have been used to remote execution of malicious code to on two-thirds of Android mobile devices worldwide.
“A cybercriminal might have sent a song (media file) and if a potential victim plays it, malicious code is injected into the media service,” says Check Point Software CTO for Spain and Portugal, Eusebio Nieva .
Check Point Research shared this information with MediaTek and Qualcomm to ensure that these vulnerabilities have been fixed. If they hadn’t been patched, it would allow the remote access to audio conversations and media files. of users.
MediaTek has attributed CVE-2021-0674 and CVE-2021-0675 patches to ALAC issues and the vulnerabilities have already been patched and published in MediaTek’s December 2021 security bulletin. Qualcomm, for its part, released the patch for CVE-2021-30351 in its December 2021 security bulletin.