"Critical Bug in Android Could Allow Access to Users’ Media Files"

Android devices running on Qualcomm and MediaTek chipsets have been discovered by security analysts to be vulnerable to Remote Code Execution (RCE) attacks. The vulnerability stems from a flaw in the implementation of Apple Lossless Audio Codec (ALAC), which is an audio coding format for lossless audio compression. Apple open-sourced ALAC in 2011 and has since then been releasing updates, including security fixes, for the format. However, some third-party vendors using ALAC have not applied the updates, including two of the largest smartphone chip makers, Qualcomm and MediaTek. The bug impacts chipsets present in nearly the entire range of products Qualcomm released over the past several years. A remote attacker can exploit the vulnerability to execute code on a target device by sending a specially crafted audio file and tricking an unsuspecting user into opening it. Researchers have dubbed this attack ALHACK. RCE attacks can lead to data breaches, the planting and execution of malware, the modification of device settings, account takeover, and more. An analysis of the vulnerability revealed that the ALAC decoder implementations from Qualcomm and MediaTek suffer from out-of-bounds reads as well as the improper validation of audio frames. These problems could lead to information disclosure and elevated privileges without the need for user interaction. This article continues to discuss the critical chipset bug that opens millions of Android devices to RCE attacks. 

Bleeping Computer reports "Critical Bug in Android Could Allow Access to Users’ Media Files"