Security News > 2021 > November > Mediatek eavesdropping bug impacts 30% of all Android smartphones

Mediatek eavesdropping bug impacts 30% of all Android smartphones
2021-11-24 14:23

MediaTek fixed security vulnerabilities that could have allowed attackers to eavesdrop on Android phone calls, execute commands, or elevate their privileges to a higher level.

MediaTek is one of the largest semiconductor companies in the world, with their chips present in 43% of all smartphones as of the second quarter of 2021.

These vulnerabilities were discovered by Check Point, with three of them fixed in the October 2021 MediaTek Security Bulletin, and the fourth fixed by a security update coming next month.

These flaws mean that all smartphones using MediaTek chips are vulnerable to eavesdropping attacks or malware infections that require no user interaction if the security updates are not installed.

Modern MediaTek processors use a dedicated audio processing unit called Digital Signal Processor to reduce CPU loads and improve audio playback quality and performance.

MediaTek will release more details about the CVE-2021-0673 vulnerability in an upcoming security bulletin to be released in December 2021.


News URL

https://www.bleepingcomputer.com/news/security/mediatek-eavesdropping-bug-impacts-30-percent-of-all-android-smartphones/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-12-17 CVE-2021-0673 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check.
local
low complexity
google CWE-862
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mediatek 56 0 39 45 13 97