Android March security update will fully fix MediaTek-SU permission vulnerability

Google today reiterated the importance of keeping Android smartphones up-to-date with security updates, and device users using MediaTek chip solutions should be more vigilant. In the March 2020 security bulletin, it identified a cVE-2020-0069 security vulnerability that existed for up to a year. In a report this week, XDA-Developers wrote that they had been aware of the matter as early as April 2019.

Android March security update will fully fix MediaTek-SU permission vulnerability

Part of the app in the Play Store that abuses MediaTek-SU vulnerabilities (photo: TrendMicro)

Similar to the vulnerability disclosed by Google in CVE-2020-0069, the XDA-Developers forum refers to it as MediaTek-SU, and the suffix indicates that a malicious program can gain access to a super user.

Android March security update will fully fix MediaTek-SU permission vulnerability

With MediaTek-SU security vulnerabilities, malicious programs can gain almost complete functional rights, even wanton editing and modifying relevant content, without first acquiring the device’s root permissions (processing bootloader bootsboot) and even wanton editing and modifying relevant content.

For malware authors, the move is like opening a backdoor panel on an Android phone that allows users to do whatever they want.

Android March security update will fully fix MediaTek-SU permission vulnerability

From the moment he gets decentralised access, he can touch any data, input, and incoming outgoing content. Applications can even execute malicious code in the background and send commands to the device without the user’s knowledge.

Android March security update will fully fix MediaTek-SU permission vulnerability

MediaTek quickly discovered the vulnerability and released a fix, but unfortunately, the device manufacturer did not have much incentive to push security updates to users. After a year, many users are still exposed to risk.

Android March security update will fully fix MediaTek-SU permission vulnerability

The good news is that MediaTek has now struck a closer relationship with Google to integrate the fix into the Android standard security update patch for March. After the vendor pushes the OTA update, install the deployment in time to eliminate this security risk.