Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file.
“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera,” the researchers said in a report shared with The Hacker News.
“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”
The vulnerabilities are rooted in an audio coding format originally developed and open-sourced by Apple in 2011. Known as the Apple Lossless Audio Codec (ALAC) or Apple Lossless, the audio codec format is used for lossless data compression of digital music.
Since then, several third-party vendors, including Qualcomm and MediaTek, have used the Apple-supplied reference audio codec implementation as the basis for their own audio decoders.
And while Apple has consistently patched and remediated security flaws in its proprietary version of ALAC, the open-sourced variant of the codec has not received a single update since it was uploaded to GitHub 11 years ago on October 27, 2011.
The vulnerabilities discovered by Check Point relate to this ported ALAC code, two of which have been identified in MediaTek processors and one in Qualcomm chipsets:
- CVE-2021-0674 (CVSS score: 5.5, MediaTek) – A case of improper input validation in the ALAC decoder leading to information disclosure without any user interaction
- CVE-2021-0675 (CVSS score: 7.8, MediaTek) – A local privilege escalation flaw in the ALAC decoder stemming from an out-of-bounds write
- CVE-2021-30351 (CVSS score: 9.8, Qualcomm) – An out-of-bounds memory access due to improper validation of the number of frames being passed during music playback
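The bug classes listed above (unvalidated stream parameters, frame counts that exceed the output buffer) are what a decoder front end has to reject before any decoding starts. The following is an added example, not code from the article, Check Point, Apple or the chip vendors; the field offsets assume the 24-byte big-endian ALACSpecificConfig layout of the open-source reference codec, and the limits and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout assumed from the ALACSpecificConfig "magic cookie" in Apple's
 * open-source reference codec: 24 bytes, big-endian. Limits are example policy. */
#define ALAC_COOKIE_LEN   24u
#define ALAC_MAX_CHANNELS 8u
#define MAX_FRAME_LEN     16384u  /* assumed cap on samples per packet */

typedef struct { uint32_t frame_length; uint8_t bit_depth, channels; } alac_params;

/* Constructed sample: 4096 samples/packet, 16-bit, stereo, 44100 Hz. */
static const uint8_t sample_cookie[ALAC_COOKIE_LEN] = {
    0x00,0x00,0x10,0x00, 0x00, 0x10, 0x28,0x0a,0x0e, 0x02, 0x00,0xff,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0xac,0x44 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Accept the stream only if every size-bearing field is bounded and one
 * decoded packet fits in the caller's out_cap-byte buffer. 0 = ok, -1 = reject. */
int alac_check_cookie(const uint8_t *c, size_t len, size_t out_cap, alac_params *out) {
    if (!c || !out || len < ALAC_COOKIE_LEN) return -1;
    uint32_t frame_length = be32(c);
    uint8_t compat = c[4], depth = c[5], channels = c[9];
    if (compat != 0) return -1;               /* assumed: only version 0 is valid */
    if (frame_length == 0 || frame_length > MAX_FRAME_LEN) return -1;
    if (depth != 16 && depth != 20 && depth != 24 && depth != 32) return -1;
    if (channels == 0 || channels > ALAC_MAX_CHANNELS) return -1;
    /* 64-bit product cannot wrap: at most 16384 * 8 * 4 bytes. */
    uint64_t need = (uint64_t)frame_length * channels * ((depth + 7u) / 8u);
    if (need > out_cap) return -1;
    out->frame_length = frame_length; out->bit_depth = depth; out->channels = channels;
    return 0;
}

/* Per-packet check: the frame count a packet asks for must never exceed
 * the validated frame_length that the output buffer was sized for. */
int alac_check_num_frames(const alac_params *p, uint32_t num_frames) {
    return (p && num_frames > 0 && num_frames <= p->frame_length) ? 0 : -1;
}

int main(void) {
    alac_params p;
    printf("fits: %d\n", alac_check_cookie(sample_cookie, sizeof sample_cookie, 16384, &p));
    printf("too small: %d\n", alac_check_cookie(sample_cookie, sizeof sample_cookie, 16383, &p));
    return 0;
}
```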
In a proof-of-concept exploit devised by Check Point, the vulnerabilities made it possible to “steal the phone’s camera stream,” said security researcher Slava Makkaveev, who is credited with discovering the flaws alongside Netanel Ben Simon.
Following responsible disclosure, all three vulnerabilities were closed by the respective chipset vendors in December 2021.
“The vulnerabilities were easily exploitable,” Makkaveev explained. “A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.”
Some parts of this article are sourced from:
thehackernews.com