MobileNews

It took Google months to patch a serious Android security flaw

Google has patched a critical security flaw that affects millions of Android devices with chipsets from MediaTek, XDA Developers revealed today. The vulnerability is a rootkit lodged in the CPU’s firmware. It allows a simple script to root Android devices that use nearly any of MediaTek’s 64-bit chips, so it has compromised hundreds of budget and mid-range smartphone, tablet and set-top box models, XDA says.

Google noted the patch (CVE-2020-0069) in its March Android security bulletin. While this is the first public disclosure, details about the exploit have been online for months. The vulnerability is still exploitable on dozens of device models, and hackers are actively using it. Worse, in all likelihood, many devices will never get the patch at all.

Hackers that use the exploit can cause damage in a number of ways. For instance, they could install any app and then grant it whatever permission it needs to hack the device. In the wrong hands, root access can empower ransomware and hypothetically make an entire device inoperable.

MediaTek has had patches available to fix this vulnerability since May 2019, but the company can’t force OEMs to fix their devices. Google, however, can force many OEMs to do so, through license agreements and program terms, XDA explains. Still according to XDA, Google knew about the vulnerability months before it took action. That’s especially disconcerting considering how widespread and dangerous the flaw is.

Check out the latest Samsung phones at great prices from Gizmofashion – our recommended retail partner.


Author: Christine Fisher.
Source: Engadget

Related posts
AI & RoboticsNews

Microsoft brings AI to the farm and factory floor, partnering with industry giants

AI & RoboticsNews

Edge data is critical to AI — here’s how Dell is helping enterprises unlock its value

AI & RoboticsNews

Box continues to expand beyond just data sharing, with agent-driven enterprise AI studio and no-code apps

Cleantech & EV'sNews

Porsche launches three new Taycan EV models, adding more performance and range

Sign up for our Newsletter and
stay informed!

Worth reading...
Analyst predicts iPhone 12 ‘supercycle’ driven by a ‘perfect storm’ for upgrades