As we mentioned yesterday, one serious vulnerability on MediaTek chipsets left millions unprotected Android smartphones. The company had released an update from May 2019, one month after the vulnerability was discovered, but Companies they had not taken care to implement it on smartphones their. Now, Google is releasing a patch to fix the vulnerability.
The vulnerability was named MediaTek-SU (CVE-2020-0069) and was accidentally discovered by forum members XDA developers.
The vulnerability has been around since April 2019, but the attackers have begun to exploit it and carry out hacking campaigns lately.
As we said above, MediaTek immediately released an update to fix the vulnerability, but the update was not implemented on smartphones and so the hackers were able to hack sensitive phones and install malicious software on Appliances.
Exploiting vulnerability is a simple process. Users can execute a script to gain superuser access to the shell, as well as set it SELinuxThe Linux kernel module that provides access control for various processes. So by running the script, the users can acquire access with increased privileges on users' smartphones.
Running the error
Since January 2020, h Trend Micro has detected malware spyware on Google Play, that use MediaTek-SU vulnerability to infringe on the devices of the users who install them.
Now, the vulnerability is corrected by Google, along with other critical vulnerabilities, with its release Android Security bulletin for March 2020.
Another critical vulnerability that is corrected is CVE-2020-0032, which can execute malicious code and give access to systems of the victims.