• Latest
  • Trending
Critical bug in Android could allow access to users’ media files

Critical bug in Android could allow access to users’ media files

April 22, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Critical bug in Android could allow access to users’ media files

by ITECHNEWS
April 22, 2022
in Leading Stories, Tech
0 0
0
Critical bug in Android could allow access to users’ media files

Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC).

ALAC is an audio coding format for lossless audio compression that Apple open-sourced in 2011. Since then, the company has been releasing updates to the format, including security fixes, but not every third-party vendor using the codec applies these fixes.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

According to a report Check Point Research, this includes Qualcomm and MediaTek, two of the world’s largest smartphone chip makers.

The sound of RCE

The analysts have not provided many details about the actual exploitation of the flaws yet but promised to do so at the upcoming CanSecWest in May 2022.

From the details available, the vulnerability enables a remote attacker to execute code on a target device by sending a maliciously crafted audio file and tricking the user into opening it. The researchers are calling this attack “ALHACK.”

The impact of remote code execution attacks comes with severe implications, ranging from data breach, planting and executing malware, modifying device settings, accessing hardware components such as the microphone and camera, or account take over.

The ALAC flaws were fixed by MediaTek and Qualcomm in December 2021, and are tracked as CVE-2021-0674 (medium severity with a 5.5 score), CVE-2021-0675 (high severity with a 7.8 score), and CVE-2021-30351 (critical severity with a 9.8 score).

From the researchers analysis, the ALAC decoder implementations from Qualcomm and MediaTek suffer from possible out-of-bounds reads and writes, and improper validation of audio frames passed during music playback.

The possible consequences include information disclosure and elevation of privileges with no user interaction required.

BleepingComputer asked Qualcomm for a comment about the currennt risk for customers. A company spokesperson provided the statement below:

Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies. We commend the security researchers from Check Point Technologies for using industry-standard coordinated disclosure practices. Regarding the ALAC audio decoder issue they disclosed, Qualcomm Technologies made patches available to device makers in October 2021. We encourage end users to update their devices as security updates have become available

The case with audio codec flaws

Fixes of remote code execution flaws in closed-source audio processing units are present almost in every monthly Android security update.

However, exploiting them is rarely trivial, and the component vendors provide few technical details to reduce exploitation risk.

For example, Android patches from April included nine fixes for critical vulnerabilities in closed-source components. One of them is CVE-2021-35104 (9.8 severity score) – a buffer overflow that led to improper parsing of headers while playing FLAC audio clips.

The bug affected chipsets present in almost the entire range of products Qualcomm released over in the past several years.

How to stay safe

The standard security advice applies here, too: keep your devices up to date, in this case it means running the Android patch level “December 2021” or later.

If the device no longer receives security updates from the vendor, installing a third-party Android distribution that still provides Android patches is valid option.

Finally, when receiving audio files from unknown or suspicious sources/users, it is best not to open them since they could trigger the vulnerability.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Critical bug in Android could allow access to users' media files
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version