For years, the search engine giant has been releasing a monthly dose of security patches for its operating system. One of the reasons for this practice is to fix various security vulnerabilities. A new report claims that a severe security vulnerability related to Mediatek chipsets has affected millions of Android devices with the sad part that some affected devices might no longer be patched.
Mediatek Chipset Vulnerability
XDA Developers first reported the Mediatek security vulnerability in Feb. 2019. It was first discovered by a developer who wanted to root the Amazon Fire tablet. The developer, named diplomatic shared a script that used Mediatek's vulnerability to root access Amazon Fire tablet.
Later, it was discovered that a Media Tek-su vulnerability was also found on various phones and tablets running on Mediatek processors. According to 9to5Google, the vulnerability is stuck inside the firmware of the central processing unit. Affected CPUs enables a simple script to root any devices running on Android with Mediatek chipset.
The site furnished a very long list of affected Android devices and claims that devices running on MediaTek 64-bit CPU are all virtually affected. Unknown to users of infected devices, a rogue app can easily gain root access on the device and could cause a lot of trouble to the whole system. While gaining root access could be a good thing, attackers could have a great time, given the range of access it offers.
Google Security Update
It turns out that this security vulnerability has been undetected for a long time because Mediatek could not directly fix it. Since Mediatek could not do it, it has to ask for Google to fix the security vulnerability through a security update. Interestingly, XDA Developers already reported to Google the issue last month, but the search engine giant reportedly asked the site not to publish the story until Mar.
It could be because Google would like to protect the affected users from the possible repercussions. In its Android Security Bulletin released this month, the search engine giant revealed that it had released a patch for the said security vulnerability. The bug, which is dubbed as CVE-2020-0032, could be easily exploited with a specially designed file.
Google also disclosed that this vulnerability could allow remote code execution. While the search engine giant did not go into so many details, it shared that it is the most crucial vulnerability patched in its March security update. It is just interesting to note that Google was informed by Mediatek about this issue 10 months ago, and it was only this month that it rolled out the patch for the vulnerability.
