MediaTek Patches High-Severity Vulnerability in Smartphone Chipsets (CVE-2024-20125)
MediaTek has released its latest Product Security Bulletin, addressing a high-severity vulnerability that could lead to unauthorized access and control of user devices. The vulnerability, identified as CVE-2024-20125, allows attackers to exploit a missing bounds check in the video decoder (vdec) component of several MediaTek chipsets.
This out-of-bounds write vulnerability could enable local privilege escalation, potentially granting attackers system execution privileges. The vulnerability affects a wide range of MediaTek chipsets used in smartphones, tablets, and other devices, including MT6580, MT6761, MT6765, and many others.
MediaTek has released patches to address this vulnerability and has notified device manufacturers (OEMs) at least two months before public disclosure. Users are strongly urged to update their devices with the latest security updates provided by their device manufacturers as soon as they become available.
In addition to the high-severity vulnerability, the bulletin also addresses several medium-severity vulnerabilities, including out-of-bounds reads in Telephony and other components, stack overflows, uncaught exceptions, and reachable assertions. These vulnerabilities could lead to denial of service, information disclosure, and other security risks.
The vulnerabilities span a broad spectrum of MediaTek chipsets, including but not limited to:
- Smartphones and tablets with MT6761, MT6781, and MT6985 chipsets.
- Smart displays and OTT devices powered by MT8195 and MT8390.
- IoT devices relying on MT7925 and MT8518S.
MediaTek encourages users to check their device manufacturer’s website or their device’s settings for the latest software updates.
Related Posts:
- Over 30% of Android devices have eavesdropping vulnerabilities, MediaTek is releasing an update to fix the vulnerabilities
- MediaTek Patches Critical Vulnerabilities in Smartphone, Tablet, and IoT Chipsets
- MediaTek Security Bulletin Highlights High Severity Vulnerabilities in Mobile Chipsets
- Mediatek Chipsets code execution vulnerability
