It is likely that if you have not received a security update on your Android phone for a long time, you may be exposed to this important attack.
Over time, security researchers discover various malware that take advantage of vulnerabilities in our smart devices, and that is why it is always convenient that we have all our tablets, computers, and mobile phones updated to the latest security version.
However, perhaps because the mobile phone is somewhat old or because it has not directly received the corresponding security patch yet, it is likely that some of our smart devices end up being vulnerable to some type of security flaw that cybercriminals are already taking advantage of. .
Now security researchers at Checkpoint have discovered a security vulnerability stemming from Apple’s ALAC audio codec.
Specific Android devices are at risk with security patch prior to December 2021so if you haven’t received a security update on your Android phone in more than four months, you’re in trouble.
This vulnerability can allow hackers to seize millions of Android devices with a Mediatek or Qualcomm processor set.
Specifically, as we said, this vulnerability resides in the ALAC, which is an audio format that Apple presented in 2004. Although Apple presented its own proprietary version of this Codec on that date, there is also an open source version in which Mediatek and Qualcomm have been relying on these past few years.
The security team notes that “the ALAC issues our researchers found could be used by an attacker for a remote code execution attack on a mobile device via a malformed audio file”.
“These attacks allow a hacker to remotely execute malicious code on a computer. The impact of the vulnerability can range from executing malware to an attacker gaining control of a user’s media data including streaming from the camera”, they add.
In this way, this security flaw can end up being exploited by a malicious application for Android that you can escalate privileges in the system until you reach the multimedia data of the camera and microphone Of the device.
Patches have been pushed out to Google as well as Android phone makers, and while most Android devices should have received this security patch by now in recent months, specifically with the December 2021 update, it’s likely there will be. phones that have not received it for various reasons.
And it is that some Android devices no longer receive security updates from the manufacturers themselves, so they would be exposed to this vulnerability that could endanger both your device and any of your data.
To find out if your Android phone is susceptible to being attacked with this vulnerability, you should check the date of the last security patch installed.
To do this, go to your Android phone’s settings, then look for the “Android version information” tab, and you should see the version of the most recent security patch that you have installed.
George is Digismak’s reported cum editor with 13 years of experience in Journalism