Home > News content

Android security update in March will fully fix MediaTek Su permission vulnerability

via:cnBeta.COM     time:2020/3/3 12:08:47     readed:245

Google today reiterated the importance of keeping Android smartphones up-to-date with security updates, and users of devices using MediaTek chip based solutions should be more vigilant.In its march 2020 security bulletin, it pointed out a cve-2020-0069 security vulnerability that existed for up to a year.XDA developers wrote in a report this week that they knew about it as early as April 2019.

1.jpg

Some apps abusing MediaTek Su vulnerability in play store (figure from:TrendMicro)

Similar to the vulnerability disclosed by Google in cve-2020-0069, the XDA developers forum calls it mediatek-su, with a suffix indicating that malicious programs can gain access to super users.

2.png

By using MediaTek Su security vulnerability, a malicious program can obtain almost complete function permission without first obtaining root permission of the device (handling bootloader boot program), and even arbitrarily edit and modify relevant content.

3.png

From the moment he gets access, he can access any data, input and incoming and outgoing content. Applications can even execute malicious code in the background, sending commands to devices without the user's knowledge.

4.jpg

MediaTek soon discovered the vulnerability and released a fix, but unfortunately, device manufacturers did not have much incentive to push security updates to users. After a year, many users are still exposed to risks.

5.jpg

The good news is that MediaTek and Google are now working more closely to integrate this fix into the Android standard security update in March. After manufacturers push OTA updates, please install and deploy them in time to eliminate this security risk.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments