CVE-2024-20011

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

This vulnerability in the ALAC (Apple Lossless Audio Codec) decoder allows remote attackers to execute arbitrary code without user interaction due to an incorrect bounds check. It affects devices using MediaTek chipsets with vulnerable ALAC implementations. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

• MediaTek chipsets with ALAC decoder

Versions: Specific versions not publicly detailed in advisory

Operating Systems: Android and other OS using MediaTek chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with MediaTek chipsets that include the vulnerable ALAC decoder implementation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Information disclosure and potential remote code execution on vulnerable MediaTek devices.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit prevention controls.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

No user interaction required, making it highly dangerous if weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: ALPS08441146

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/February-2024

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply MediaTek security patch ALPS08441146. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable ALAC processing

all

Block or disable ALAC audio file processing if not required

Network filtering

all

Block ALAC files at network perimeter

🧯 If You Can't Patch

• Segment vulnerable devices from critical networks
• Implement strict application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Copy

Check device specifications for MediaTek chipset and review security patch level

Check Version:

Copy

Device-specific commands vary by manufacturer

Verify Fix Applied:

Copy

Verify patch ALPS08441146 is installed via device security settings

📡 Detection & Monitoring

Log Indicators:

• Unexpected process crashes in audio services
• Memory access violations in ALAC decoder

Network Indicators:

• Unusual ALAC file transfers to devices
• Exploit traffic patterns

SIEM Query:

Copy

Process:alac AND (EventID:1000 OR AccessViolation)

📊 Metadata

CVE ID: CVE-2024-20011

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: February 5, 2024

Last Updated: June 20, 2025

🔗 References

• https://corp.mediatek.com/product-security-bulletin/February-2024 Vendor Advisory
• https://corp.mediatek.com/product-security-bulletin/February-2024 Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-20011, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)

CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)

CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)