MediaTek Bug Actively Exploited, Affects Millions of Android Devices
This week, Google addressed a high severity flaw that exists in MediaTek’s Command Queue driver. The bug has already been used to build malicious apps that compromise Andriod devices by gaining root access. Developers have claimed this bug affects millions of devices. Google also released its March 2020 Android Security bulletin this week, in which the company disclosed a critical security vulnerability in the Andriod media framework.
This vulnerability, which is named CVE-202-0032, can enable attackers to execute remote code within the context of a privileged process. The bug can be exploited with a specially crafted file, according to the publication. Google did not provide many details, however, they did note that it is the most high-risk vulnerability out of the entire March update.