Security News > 2022 > April > Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution attacks simply by sending a specially crafted audio file.
An unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations."
Called the Apple Lossless Audio Codec or Apple Lossless, the audio codec format is used for lossless data compression of digital music.
Several third-party vendors, including Qualcomm and MediaTek, have incorporated the Apple-supplied reference audio codec implementation as the basis for their own audio decoders.
Following responsible disclosure, all the three vulnerabilities were closed by the respective chipset manufacturers in December 2021.
News URL
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html
Related news
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)