Security News > 2022 > April > Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution attacks simply by sending a specially crafted audio file.
An unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations."
Called the Apple Lossless Audio Codec or Apple Lossless, the audio codec format is used for lossless data compression of digital music.
Several third-party vendors, including Qualcomm and MediaTek, have incorporated the Apple-supplied reference audio codec implementation as the basis for their own audio decoders.
Following responsible disclosure, all the three vulnerabilities were closed by the respective chipset manufacturers in December 2021.
News URL
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html
Related news
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)
- That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices (source)
- That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)