The audio decoders in Qualcomm and MediaTek chips have been reported to contain three security vulnerabilities.
Leaving unpatched three of these security holes could provide the threat actors with remote access to the media and audio conversations from affected mobile devices if they aren’t patched.
The security analysts at Check Point asserted that by sending a specially crafted audio file, an attacker could gain remote code execution (RCE) access.
In this case, the vulnerability was discovered in ALAC (Apple Lossless Audio Codec), a lossless audio format introduced by Apple in 2004.
It has been more than a decade since ALAC has been used in many devices and programs other than those from Apple. Nowadays ALAC is used in several devices like:-
MediaTek and Qualcomm both got their ALAC flaws fixed in December 2021, and are now listed and tracked as:-
Whenever an attack is carried out remotely, there are severe consequences that result:-
Through the vulnerabilities found in ALAC, the cybersecurity analysts believe an attacker could use a specially crafted malicious audio file to attempt a remote code execution attack (RCE) on a mobile device.
An RCE attack allows an attacker to remotely execute malicious code on a computer by conducting a remote code execution attack at this stage.
In a turn-key scenario, the data could be disclosed and access to privileges could be elevated for a time period without a human interaction being required.
The cybersecurity experts at CheckPoint security firm have recommended some mitigations and here they are:-
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Vincent Cannady, a professional who used to work as a consultant in the cybersecurity field, has been taken into custody…
Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA…
An emerging threat leverages Microsoft's Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services. Recently, security analysts at…
Apache ActiveMQ is a Java based communication management tool for communicating with multiple components in a server. It is an…
In the latest edition of Verizon's Data Breach Investigations Report (DBIR) for 2024, a concerning trend has been highlighted, a…
The United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North…