Security News > 2020 > March > Google fixes MediaTek bug in Android March patches
Google published patches for over 70 software vulnerabilities in its Android security bulletin this month, finally fixing a security exploit for MediaTek chipsets said to have been in the wild for months, affecting millions of devices.
Google classifies CVE-2020-0069 as an elevation of privilege bug in MediaTek's command queue driver, and only gives it a high severity ranking in its bulletin.
The bug allows an attacker to get root access to an Android device without unlocking the bootloader, XDA-Developers said, by copying a script to their device and executing it in a shell.
The only critical flaws in the 2020-03-05 patch group were in closed source components from chip vendor Qualcomm, which accounted for 48 of the bugs in the Android bulletin overall.
A buffer overflow bug in Qualcomm's video processing is remotely exploitable, as is a Bluetooth bug.
News URL
https://nakedsecurity.sophos.com/2020/03/04/google-fixes-mediatek-bug-in-android-march-patches/
Related news
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2020-0069 | Out-of-bounds Write vulnerability in multiple products In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. | 7.8 |