Information security company Check Point said in its blog that two-thirds of Android phones using Qualcomm and MediaTek chips in the world may be compromised by a vulnerability in Apple’s old lossless audio compression encoding format, Apple Lossless (ALAC). hacked.
Apple’s ALAC format was launched in 2004. At the end of 2011, Apple open sourced ALAC under the Apache v2.0 license. Since then, the ALAC format has been embedded in many non-Apple music playback devices and applications, including Android phones. .
If it is Apple’s own ALAC format, there will be a dedicated version of the security patch update, but the open source version of ALAC has not provided security updates since the end of 2011, which also allows some interested people the opportunity to invade non-Apple phones.
Check Point found that phones powered by Qualcomm and MediaTek chips are vulnerable to exploits through legacy ALAC format exploits; hackers could exploit fake file formats and use legacy ALAC to remotely execute code against Android phones (RCE). Through such an attack, hackers can execute malicious commands on the phone, or control the usage rights in the phone, such as the camera, microphone switch, etc.
But Android users don’t need to worry too much, because the Check Point team has disclosed this vulnerability to Qualcomm and MediaTek after discovering it, and these vulnerabilities have now been patched.
(Source of the first image: pixabay)
New technological knowledge, updated from time to time