Tuesday, November 26, 2024
HomeAndroidCritical Android Bug Let Attackers to Access Users' Media and Audio Conversations

Critical Android Bug Let Attackers to Access Users’ Media and Audio Conversations

Published on

The audio decoders in Qualcomm and MediaTek chips have been reported to contain three security vulnerabilities. 

Leaving unpatched three of these security holes could provide the threat actors with remote access to the media and audio conversations from affected mobile devices if they aren’t patched.

The security analysts at Check Point asserted that by sending a specially crafted audio file, an attacker could gain remote code execution (RCE) access.

- Advertisement - SIEM as a Service

In this case, the vulnerability was discovered in ALAC (Apple Lossless Audio Codec), a lossless audio format introduced by Apple in 2004.

It has been more than a decade since ALAC has been used in many devices and programs other than those from Apple. Nowadays ALAC is used in several devices like:-

  • Android-based smartphones
  • Linux media players and converters
  • Windows media players and converters

Flaws Detected

MediaTek and Qualcomm both got their ALAC flaws fixed in December 2021, and are now listed and tracked as:-

  • CVE ID: CVE-2021-0674
  • Summary: A case of improper input validation in ALAC decoder leading to information disclosure without any user interaction.
  • Severity: Medium
  • CVSS Score: 5.5 score
  • CVE ID: CVE-2021-0675
  • Summary: A local privilege escalation flaw in ALAC decoder stemming from out-of-bounds write.
  • Severity: High
  • CVSS Score: 7.8 score
  • CVE ID: CVE-2021-30351
  • Summary: An out-of-bounds memory access due to improper validation of a number of frames being passed during music playback.
  • Severity: Critical
  • CVSS Score: 9.8 score

Whenever an attack is carried out remotely, there are severe consequences that result:-

  • Data breach
  • Deploying malware
  • Executing malware
  • Modifying device settings
  • Accessing microphone
  • Accessing camera
  • Take over account

Potential Threat

Through the vulnerabilities found in ALAC, the cybersecurity analysts believe an attacker could use a specially crafted malicious audio file to attempt a remote code execution attack (RCE) on a mobile device.

An RCE attack allows an attacker to remotely execute malicious code on a computer by conducting a remote code execution attack at this stage. 

In a turn-key scenario, the data could be disclosed and access to privileges could be elevated for a time period without a human interaction being required.

Recommendation

The cybersecurity experts at CheckPoint security firm have recommended some mitigations and here they are:-

  • Ensure that your device is up to date.
  • Always use a robust security solution or AV app.
  • Always use complex passwords.
  • Make sure to enable multi-factor authentication.
  • Do not use any used or dumped passwords.
  • Installing a third-party Android distribution, if your device doesn’t receive security updates.
  • Do not open any audio files from unknown or suspicious sources/users.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks

In a new wave of cyberattacks, the Russia-aligned hacking group "RomCom" has been found...

Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications...

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk,...

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks

In a new wave of cyberattacks, the Russia-aligned hacking group "RomCom" has been found...

Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications...

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk,...