Android smartphone users regularly face threats from various security issues and this week there is a major issue affecting millions of users. Most of these smartphones run on Qualcomm and MediaTek chipsets, and due to a security vulnerability in an audio format, more than 67 percent of Android smartphones were at great risk of a security attack.
Even though the vulnerability was fixed with a patch last year, millions of Android smartphones could have fallen victim to the problem, putting them at risk.
Also read: Poco Watch smartwatch to launch on April 26: All details
All this information has been given by the researchers of Check Point Research this week. Its researchers discovered the problem via the Apple Lossless Audio Codec, or ALAC, that Apple shells out to provide lossless music quality for streaming to non-Apple devices.
The folks at Check Point Research noted that by using a vulnerability in the ALAC files, attackers could perform a remote code execution (RCE) attack on the device. This type of attack enables the attacker to access your smartphone’s camera, and even infect any media file with malware that can open the door for further intrusions.
Check Point Research said that MediaTek and Qualcomm-powered smartphones somehow ported the ALAC vulnerability to its audio decoder. These two chipset makers have a market share of 48.1 percent and 47 percent respectively, making them ideal targets for attackers.
The security issue was discovered by Slava Makaviev along with Netanel Ben Simon, who noted that the threat was serious and allows attackers to easily see everyone on the affected smartphone.
ALSO READ: Apple Watch Series 6 gets free repair service for blank screen issue: Here’s how it works
“The vulnerabilities were easily exploitable. A threatening actor could send a song (media file) and when played by a potential victim, he could inject code into a privileged media service. The threatening actor could do the same could see what the mobile phone user sees on his phone.”
Watch Video: Oppo Find X5 Pro Quick Look: The Power-Packed Oppo Flagship Smartphone India Might Miss
To its credit, Check Point Research had sent all the details about the vulnerability to MediaTek and Qualcomm, who in December last year were quick to fix the problem with their respective security patches.
Read all the latest news, breaking news and IPL 2022 live updates here.
Source
