Security News > 2022 > April > Critical bug in Android could allow access to users' media files
Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec.
We encourage end users to update their devices as security updates have become available.
Fixes of remote code execution flaws in closed-source audio processing units are present almost in every monthly Android security update.
Android patches from April included nine fixes for critical vulnerabilities in closed-source components.
The standard security advice applies here, too: keep your devices up to date, in this case it means running the Android patch level "December 2021" or later.
If the device no longer receives security updates from the vendor, installing a third-party Android distribution that still provides Android patches is valid option.