Vulnerabilities in MediaTek and Qualcomm ALAC decoders affecting most Android devices

Check Point has identified vulnerabilities in the MediaTek (CVE-2021-0674, CVE-2021-0675) and Qualcomm (CVE-2021-30351) decoders for the Apple Lossless Audio Codec (ALAC) audio compression format. The issue allows attacker code to be executed when specially crafted data in the ALAC format is processed.

The danger of the vulnerability is aggravated by the fact that it affects Android devices equipped with MediaTek and Qualcomm chips. As a result of an attack, an attacker can arrange for malware to run on the device with access to communication data and user data, including data from the camera. According to a rough estimate, 2/3 of all users of smartphones based on the Android platform are affected by the problem. For example, in the United States, the combined share of all Android smartphones sold in Q4 2021 that shipped with MediaTek and Qualcomm chips was 95.1% (48.1% MediaTek, 47% Qualcomm).

Details of how the vulnerability can be exploited have not yet been disclosed, but fixes are reported to have been made to the MediaTek and Qualcomm components for the Android platform in December 2021. In the December report on vulnerabilities in the Android platform, the issues were marked as critical vulnerabilities in closed-source components for Qualcomm chips. The vulnerability in the MediaTek components is not mentioned in the reports.

The vulnerability is interesting for its origins. In 2011, Apple released the source code for the ALAC codec, which compresses audio data without loss of quality, under the Apache 2.0 license, and made it possible to use all patents related to the codec. The code was published but left unmaintained and has not changed in the past 11 years. At the same time, Apple continued to separately maintain the implementation used in its own platforms, including fixing bugs and vulnerabilities in it. MediaTek and Qualcomm based their ALAC codec implementations on Apple's original open source code, but did not address in their implementations the vulnerabilities that had been dealt with in Apple's implementation.

There is no information yet on whether the vulnerability appears in the code of other products that also use the outdated ALAC code. For example, the ALAC format is supported in FFmpeg 1.1, but the code of its decoder implementation is actively maintained.

source: budenet.ru
