ANDROID users are being warned to update their devices as a coding bug could let hackers access their media files and more.
Threat actors are targeting Android users via a flaw in devices that are running on Qualcomm and MediaTek chipsets, Bleeping Computer reported on Thursday.
1
This is due to both of these chipsets possessing a compromised Apple Lossless Audio Codec (ALAC) code in their audio decoders.
ALAC is an audio coding format for audio compression that was originally open-sourced by Apple in 2011.
A vulnerability of this sort can allow hackers to use remote code execution (RCE) to access a device without gaining physical access to it.
RCE attacks are considered very serious because their impact can range from malware execution to a hacker gaining total control over a device.
This means that threat actors can access personal files, messages, photos, and even a phone camera’s streaming functionality.
One way that hackers can employ an RCE attack is through a malformed audio file, security firm Check Point said on Thursday.
Apple has issued security updates for the bug on its smartphones, however, nearly two-thirds of Android devices sold in 2021 have been left unpatched, per Android Authority.
“According to IDC, 48.1% of all Android phones sold in the US are powered by MediaTek as of Q4 2021, while Qualcomm currently holds 47% of the market,” Check Point said.
Most read in Tech
The firm noted that after presenting their findings to MediaTek and Qualcomm last year, the chipset companies addressed the vulnerabilities.
“MediaTek assigned CVE-2021-0674 and CVE-2021-0675 to the ALAC issues,” Check Point said. “Qualcomm released the patch for CVE-2021-30351 in the December 2021 Qualcomm Security Bulletin.”
However, users who have not yet implemented the security patch may be leaving their data vulnerable to breaches.
“Regarding the ALAC audio decoder issue they disclosed, Qualcomm Technologies made patches available to device makers in October 2021. We encourage end-users to update their devices as security updates have become available,” a Qualcomm spokesperson told Bleeping Computer.
To update your Android device, go to your Settings > About Phone > Check for Updates.
If an update is available, an ‘Update’ button should appear, simply tap it and then hit ‘Install’.
Please note, depending on your phone’s operating system, you should see either ‘Install Now’, ‘Reboot and install’, or ‘Install System Software’.
We pay for your stories!
Do you have a story for The US Sun team?
