Apple developed an audio format known as Apple Lossless Audio Codec (ALAC) in 2004 to make use of in iTunes. This audio format provided lossless information compression. The format was adopted by firms worldwide when Apple open-sourced it in 2011. Now a brand new report suggests {that a} bug within the ALAC can influence two-thirds of Android units that have been bought in 2021 and the unpatched units are susceptible to takeover by hostile attackers.
What’s the ALAC bug?
In keeping with a report by Examine Level Analysis, Apple has continued updating its personal ALAC model over time, in the meantime, the open-source model has not been up to date with any safety fixes because it was introduced in 2011. The shortage of safety fixes has allowed an unpatched vulnerability to be included in processors developed by Qualcomm and MediaTek.
What makes the bug so harmful?
The report means that each MediaTek and Qualcomm have included the compromised ALAC code of their chipsets’ audio decoders. This vulnerability can be utilized by a hacker on a malformed audio file to provoke a distant code execution assault (RCE). For RCE assaults, hackers don’t have to have bodily entry to the goal machine and may execute the assault remotely. This makes RCE essentially the most harmful sort of hacking assault.
Hackers can achieve management over a consumer’s media information and entry the digicam’s streaming performance utilizing the malformed audio file. This bug can be used to provide particular Android apps some extra permissions that may assist the hacker with entry to the consumer’s conversations. Contemplating MediaTek and Qualcomm’s market share within the world cell chip, the report claims that this subject impacts two-thirds of all Android telephones bought in 2021. Nonetheless, each the businesses issued fixes in December 2021 which have been finally despatched downstream to the machine producers.
One other report by Ars Technica mentions that the vulnerability raises some severe questions in regards to the steps that Qualcomm and MediaTek are taking to ensure the safety of the code they’re implementing. Hopefully, the seriousness of this mishap would possibly instigate adjustments that may concentrate on protecting the customers protected.



Leave a Reply

Your email address will not be published.