Critical bug in Android could allow access to users’ media files

Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC).

ALAC is an audio coding format for lossless audio compression that Apple open-sourced in 2011. Since then, the company has been releasing updates to the format, including security fixes, but not every third-party vendor using the codec applies these fixes.

According to a report Check Point Research, this includes Qualcomm and MediaTek, two of the world’s largest smartphone chip makers.

Read more…
Source: Bleeping Computer