Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC).
ALAC is an audio coding format for lossless audio compression that Apple open-sourced in 2011. Since then, the company has been releasing updates to the format, including security fixes, but not every third-party vendor using the codec applies these fixes.
According to a report Check Point Research, this includes Qualcomm and MediaTek, two of the world’s largest smartphone chip makers.
Source: Bleeping Computer