Android was exploded important security vulnerability: the root cause actually from Apple

Android has been exposed to a major security vulnerability, and the protagonist behind it is surprisingly Apple.

The vulnerability is said to exist in ALAC, which is commonly known as the Apple Lossless Audio Codec, an audio format introduced by Apple back in 2004. As the name implies, the codec promises to deliver lossless audio over the Internet.

While Apple designed its own proprietary version of ALAC, an open-source version exists that Qualcomm and MediaTek rely on in their Android smartphones. Notably, both chipset makers are using a version that hasn't been updated since 2011.

Technical jargon aside, the vulnerabilities in the open-source version of Apple NDT can be exploited by unprivileged Android apps to escalate their system privileges to media data and device microphones. This essentially means that apps can eavesdrop not only on phone conversations, but also on nearby conversations and other ambient sounds.

In fact, Qualcomm has been tracking the vulnerability using CVE identification tag CVE-2021-30351, while MediaTek is using CVE IDs CVE-2021-0674 and CVE-2021-0675.