Recent security bulletins have disclosed high-severity vulnerabilities in MediaTek smartphone chipsets, which could enable attackers to escalate privileges and gain unauthorized access to the affected devices.
These vulnerabilities, identified in various MediaTek components, pose significant risks to Android smartphones running on the company’s processors.
MediaTek bulletins highlighted vulnerabilities in Android versions 12, 12L, 13, and 14, which could be exploited to obtain sensitive information and gain elevated privileges.
Two Notable Vulnerabilities:
1. CVE-2024-20104: This is a high-severity out-of-bounds write vulnerability in the DA component, affecting a wide range of chipsets, including MT6781, MT6789, MT6835, and others.
This flaw could lead to local privilege escalation without additional execution privileges, though user interaction is required for exploitation.
2. CVE-2024-20106: This is another high-severity vulnerability, this time a type confusion issue in the m4u component. It affects chipsets such as MT6739, MT6761, MT6765, and others.
This vulnerability could also result in local privilege escalation but requires system execution privileges and no user interaction.
These vulnerabilities stem from flaws in various components, including the Framework, System, Kernel, and MediaTek-specific elements.
To mitigate these risks, users are strongly advised to:
- Update their devices to the latest Android version available.
- Enable automatic updates for both the operating system and apps.
- Download apps only from trusted sources like the Google Play Store.
- Avoid clicking on unknown links or responding to unsolicited messages.
MediaTek has proactively addressed these issues, releasing patches to mitigate the vulnerabilities. Users are encouraged to apply security updates from device manufacturers as soon as they become available.
As the mobile landscape evolves, staying vigilant and keeping devices updated remains crucial for maintaining smartphone security.