ANDROID users are being warned to update their devices as a coding bug could let hackers access their media files and more.
Threat actors could target Android users via a flaw in devices that are running on Qualcomm and MediaTek chipsets, Bleeping Computer reported on Thursday.
This is due to both of these chipsets possessing a compromised Apple Lossless Audio Codec (ALAC) code in their audio decoders.
ALAC is an audio coding format for audio compression that was originally open-sourced by Apple in 2011.
A vulnerability of this sort can allow hackers to use remote code execution (RCE) to access a device without gaining physical access to it.
RCE attacks are considered very serious because their impact can range from malware execution to a hacker gaining total control over a device.
This means that threat actors can access personal files, messages, photos, and even a phone camera’s streaming functionality.
One way that hackers can employ an RCE attack is through a malformed audio file, security firm Check Point said on Thursday.
Apple has issued security updates for the bug on its smartphones, however, nearly two-thirds of Android devices sold in 2021 were left unpatched, per Android Authority.
“According to IDC, 48.1% of all Android phones sold in the US are powered by MediaTek as of Q4 2021, while Qualcomm currently holds 47% of the market,” Check Point said.
The firm noted that after presenting their findings to MediaTek and Qualcomm last year, the chipset companies addressed the vulnerabilities.
“MediaTek assigned CVE-2021-0674 and CVE-2021-0675 to the ALAC issues,” Check Point said. “Qualcomm released the patch for CVE-2021-30351 in the December 2021 Qualcomm Security Bulletin.”
However, users who have not yet implemented the security patch may be leaving their data vulnerable to breaches.
For this reason, experts are recommending users update their Android devices immediately.
To update your Android device, go to your Settings > About Phone > Check for Updates.
If an update is available, an ‘Update’ button should appear, simply tap it and then hit ‘Install’.
Please note, depending on your phone’s operating system, you may also see ‘Install Now’, ‘Reboot and install’, or ‘Install System Software’.
We pay for your stories!
Do you have a story for The US Sun team?