356
143 shares, 356 points

Israel-based cybersecurity company CheckPoint discovered a vulnerability that could allow code execution on millions of devices. According to the details

CheckPoint researchers shared with The Hacker News , these vulnerabilities of the RCE (Remote Code Execution) type allow attackers to access data without the need to run any malware on their targets.

In addition, the privileges of Android applications running with low rights can be upgraded.

ALLHACK zafiyedollar series, which originates from the open source lossless audio codec named ALAC (Apple Lossless Audio Codec) developed by Apple in 2011, is used by Qualcomm and MediaTek.

While the security vulnerabilities in the proprietary versions of ALAC are constantly being patched by Apple, the open source version used by the chip manufacturers does not seem to have been updated since 2011.

According to CheckPoint’s article, two of the vulnerabilities affect MediaTek and one Qualcomm chips.

  • CVE-2021-0674 (MediaTek): Information disclosure on ALAC codecs without any user intervention
  • CVE-2021-0675 ( MediaTek): Local entitlement promotion (LPE) vulnerability using ALAC codecs
  • CVE-2021-30351 (Qualcomm): Out-of bound memory access due to incorrect authentication during audio playback While this vulnerability

was found to be patched by CheckPoint in December 2021, Qualcomm and MediaTek have already released security updates for the devices.

Those who have not yet updated their devices at the moment do not need to do anything else to close the gap, except apply the software updates.


Like it? Share with your friends!

356
143 shares, 356 points

What's Your Reaction?

hate hate
981
hate
confused confused
490
confused
fail fail
122
fail
fun fun
1226
fun
geeky geeky
1104
geeky
love love
736
love
lol lol
858
lol
omg omg
490
omg
win win
122
win
Michael Lewis

Emperor

0 Comments

Your email address will not be published. Required fields are marked *

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format