Android was revealed to an important security vulnerability: The root cause came from Apple

Android was exposed to a major security flaw, and the protagonist behind it turned out to be an Apple. THE VULNERABILITY IS KNOWN TO EXIST IN ALAC, WHICH IS OFTEN REFERRED TO AS APPLE’S LOSSLESS AUDIO CODEC. ALAC IS AN AUDIO FORMAT INTRODUCED BY APPLE AS EARLY AS 2004. AS THE NAME SUGGESTS, THIS CODEC PROMISES LOSSLESS AUDIO OVER THE INTERNET.

join us on telegram

While Apple designed its own patented version of ALAC, there is an open-source version that Qualcomm and MediaTek rely on in Android smartphones. It’s worth noting that both chipset makers are using a version that hasn’t been updated since 2011.

Technical jargon aside, vulnerabilities in the open-source version of Apple’s NDT can be exploited by unprivileged Android apps that upgrade their system privileges to media data and device microphones. This basically means that the app can eavesdrop not only on phone conversations but also on nearby conversations and other ambient sounds.

IN FACT, QUALCOMM HAS BEEN USING THE CVE IDENTIFICATION TAG CVE-2021-30351 TO TRACK THE VULNERABILITY, WHILE MEDIATEK HAS USED CVE IDS CVE-2021-0674 AND CVE-2021-0675.

Leave a Comment