Recently, some media exposed a thing about the android phone vulnerability.
According to media reports, hackers can use a piece of music file to turn your Android phone into a remote bugging device for hackers while listening to music, and perhaps 37% of mobile phones in the world are exposed to such dangers.
It is said that hackers can remotely obtain the camera and microphone permissions of your Android phone, and even be able to eavesdrop on your calls, the sounds around you, and so on...
So what exactly is going on with this vulnerability? In fact, it is caused by a lossless music format, which is the ALAC format.
This format was made by Apple in 2004, put on its own MP4 and other devices, and of course, later put on iPhone and other devices.
However, in 2011, Apple felt that since it had developed a lossless format, it should be shared for everyone to use together, so as to promote the improvement of the entire ALAC ecosystem.
So Apple open sourced the code in ALAC format and put it on GitHub for other friends to download and use for free.
Since it can "white prostitute" Apple's technology, friends will certainly not refuse, so Qualcomm and MediaTek will directly port the open source version of ALAC code to their own audio decoders.
However, it is interesting that although Apple's own ALAC format continues to improve, adjust, modify, and improve, the source code of the ALAC format put on GitHub has not been modified and maintained since it was released in 2011, and it is in a state of indifference.
After Qualcomm and MediaTek got apple's ALANC source code, they have not modified it themselves, so they used the code for 11 years, so they are used intact, and no one maintains it.
Finally, this vulnerability appeared, it is not so difficult to understand, as for Apple's own ALANC code, it has been maintained, so these vulnerabilities do not exist, iPhone devices do not exist this vulnerability.
This may be the price of Qualcomm and MediaTek who want to "white prostitute" Apple code, but now Qualcomm and MediaTek have also remediated and launched patches, so if everyone's mobile phone prompts to update or update it, so as not to let such and such vulnerabilities make their mobile phones controlled by others.