Published. Among other things, the Android developer has closed a dangerous vulnerability that is in Mediatek processors. Affected by this Dozens of mid-range smartphones (list on XDA Developers) used by millions of users. Malicious Android apps have been exploiting the vulnerability since at least January 2020. The error is XDA Developers Mediatek processors that will be manufactured from 2015.has details of his monthly -Patchday
The vulnerability CVE-2020-0069 allows an increase in rights. It is caused by a faulty driver of the Mediatek command queue. The dangerous thing about this bug is that an exploit called “MediaTek-su” has been around for almost a year, allowing temporary root access to a large number of Mediatek chips.
An XDA developer named ‘diplomatic’ has XDA Forum publishes a script that users can run to obtain superuser rights. While it was originally used for rooting Fire devices were intended to modify them, any application can contain and run “MediaTek-su” to gain root access in the shell, according to the XDA developers. However, restarting the device prevents root access.
Trendmicro reported in January that several malicious applications in the Google Play Store use “MediaTek-su” to gain root access to Android devices. The applications used the exploit to determine the location, battery status, files, a list of installed applications, screenshots and data from WeChat, Outlook,, , Gmail and to collect. Google removed the apps complained of at the time.
According to XDA developers, the vulnerability, according to Mediatek, affects smartphones with Linux kernels in versions 3.18, 4.4, 4.9 or 4.14, on which Android runs in versions 7 Nougat, 8 Oreo or 9 Pie. Mediatek devices running Android 10 are not vulnerable because “the access permission of CMDQ device nodes is also enforced by SELinux,” the company said.
Patch available since May 2019
Mediatek had already released patches for the bug in May 2019, but only Amazon used it for its Fire OS devices. However, many OEMs that use Mediatek processors in their smartphones did not ship the fix. The reasons for this are unknown. According to XDA-Developers, Google only learned of the problem in January through the Trendmicro report and has only been actively working on a solution since then.
The Android patch level 5.3.2020 now includes the fix for the Mediatek bug. Now one can be curious how long it will take for these patches to reach the affected smartphones. Typically, only premium smartphones receive regular security updates. Therefore, users of affected devices should not install unknown apps for the time being.
Android Security Bulletin March 2020
In addition to the error in Mediatek processors, the Security Breach march closes other vulnerabilities. As always, Google divides the updates. The patch level labeled 1.3.2020 includes bug fixes for the Android framework, while patch level 5.3.2020 also addresses kernel and vendor driver vulnerabilities. Most smartphone manufacturers initially implement only the first patch level, presumably for time constraints. However, the first patch level of the following month also includes the bug fixes of the second patch level from the previous month.
The first patch level closes a total of 12 security vulnerabilities, of which a (CVE-2020-0032) is classified as “critical”. Vulnerabilities that can be exploited without warnings or prompts are classified as “critical”. Examples include the remote extension of user rights, which allows attackers to write to the file system or execute arbitrary code without user interaction.
The second patch level closes a total of 60 vulnerabilities. This includes the already mentioned error in Mediatek processors. Of these vulnerabilities, 16 are classified as “critical.” They are invariably plugged into Qualcomm components.
In addition to Google’s monthly security updates, smartphone manufacturers also release details of gaps that can only be found in devices of the respective manufacturer. reports this month of 25 vulnerabilities. However, the company only gives details of five gaps, all of which are not classified as “critical”. So it can be assumed that the remaining vulnerabilities are so severe that Samsung does not give details of it in order not to encourage cybercriminals to exploit them fraudulently.
For some smartphones, such as the Galaxy S10, Samsung is already distributing the March 2020 security patches. The world’s largest smartphone maker has been delivering security updates just as quickly as Google for several months.