Mediatek eavesdropping bug impacts 30% of all Android smartphones

silversurfer

Level 83
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,306
MediaTek fixed security vulnerabilities that could have allowed attackers to eavesdrop on Android phone calls, execute commands, or elevate their privileges to a higher level.

MediaTek is one of the largest semiconductor companies in the world, with their chips present in 43% of all smartphones as of the second quarter of 2021

These vulnerabilities were discovered by Check Point, with three of them (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) fixed in the October 2021 MediaTek Security Bulletin, and the fourth (CVE-2021-0673) fixed by a security update coming next month.

These flaws mean that all smartphones using MediaTek chips are vulnerable to eavesdropping attacks or malware infections that require no user interaction if the security updates are not installed.

There will likely never receive a security update for a notable number of older devices that vendors no longer support.