The latest March 2020 Android security update has fixed a critical security vulnerability that impacted millions of MediaTek devices.
According to Google’s recent Android Security Bulletin, the flaw, know as CVE-2020-0069, affected the Command Queue driver.
This would allow users to gain SuperUser or Root access on various Android devices, giving them the ability to delete pre-installed apps, unlock the bootloader, tweak system parameters and sideload applications from the Google Play Store, opening up possible multiple security threats.
According to reports, this rootkit has been available online since April 2019. Although MediaTek released a patch to attempt to fix this vulnerability last year, it was still being exploited by hackers, who could install a malicious app, access user files, use the device to snoop on to the users, or even render it useless by bricking it.
The exploit reportedly works on almost all devices powered by MediaTek’s 64-bit chipsets, a list which includes devices from popular manufacturers like Alcatel, Amazon, ASUS, Blackview, Huawei, LG, Meizu, Nokia, Motorola, OPPO, Sony, Realme, Xiaomi, ZTE, and many more.
Taiwanese chipmaker MediaTek powers hundreds of different Android devices worldwide, including smartphones, set-top boxes, tablets and other devices. Since most of these are entry level or mid-budget devices, such items rarely receive software updates from their manufacturers.
However now that Google's March 2020 security patch has been released, most devices should ideally be able to update it until and unless the manufacturer releases it further.
- The best antivirus software for 2020
Via: XDA-Developers (opens in new tab)