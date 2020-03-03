

Image credit: NatalyaBurova via Getty Images

It took Google months to patch a serious Android security flaw

The vulnerability affects millions of Android devices with MediaTek's 64-bit chipsets.
Christine Fisher, @cfisherwrites

Google has patched a critical security flaw that affects millions of Android devices with chipsets from MediaTek, XDA Developers revealed today. The vulnerability is a rootkit lodged in the CPU's firmware. It allows a simple script to root Android devices that use nearly any of MediaTek's 64-bit chips, so it has compromised hundreds of budget and mid-range smartphone, tablet and set-top box models, XDA says.

Google noted the patch (CVE-2020-0069) in its March Android security bulletin. While this is the first public disclosure, details about the exploit have been online for months. The vulnerability is still exploitable on dozens of device models, and hackers are actively using it. Worse, in all likelihood, many devices will never get the patch at all.

Hackers who use the exploit can cause damage in a number of ways. For instance, they could install any app and then grant it whatever permission it needs to hack the device. In the wrong hands, root access can empower ransomware and hypothetically make an entire device inoperable.

MediaTek has had patches available to fix this vulnerability since May 2019, but the company can't force OEMs to fix their devices. Google, however, can force many OEMs to do so through license agreements and program terms, XDA explains. Also according to XDA, Google knew about the vulnerability months before it took action. That's especially disconcerting considering how widespread and dangerous the flaw is.

Engadget has reached out to Google for comment.

Source: Android Security Bulletin, XDA Developers
Coverage: 9to5Google