Security News > 2022 > April > Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.

According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution attacks simply by sending a specially crafted audio file.

An unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations."

Called the Apple Lossless Audio Codec or Apple Lossless, the audio codec format is used for lossless data compression of digital music.

Several third-party vendors, including Qualcomm and MediaTek, have incorporated the Apple-supplied reference audio codec implementation as the basis for their own audio decoders.

Following responsible disclosure, all the three vulnerabilities were closed by the respective chipset manufacturers in December 2021.

News URL

https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html