Android March security update will fully fix MediaTek-SU permission vulnerability

Google today reiterated the importance of keeping Android smartphones up to date with security updates, and users of devices based on MediaTek chips should be more vigilant. In its March 2020 security bulletin, it pointed out a year-old CVE-2020-0069 security vulnerability. XDA-Developers wrote in a report this week that they had known about it as early as April 2019.

Similar to the vulnerability disclosed by Google in CVE-2020-0069, the XDA-Developers forum calls it MediaTek-SU, and the suffix indicates that malicious programs can use it to gain super user access.

By exploiting the MediaTek-SU security vulnerability, malicious programs can obtain almost complete functional permissions and even edit and modify related content at will without first obtaining root permissions of the device (processing the bootloader).

For malware authors, this is tantamount to opening a backdoor panel on Android phones, allowing them to do whatever they want to users.

From the moment he gains privileged access, he can get his hands on any data, input, and content coming in and out. The app can even execute malicious code in the background, sending commands to the device without the user's knowledge.

MediaTek quickly discovered the vulnerability and released a fix, but unfortunately, device manufacturers don’t have much incentive to push security updates to users. A year later, many users are still exposed to the risk.

The good news is that MediaTek and Google have now reached a closer collaboration to integrate this fix into the Android standard security update patch in March. After the manufacturer pushes the OTA update, please install and deploy it in time to eliminate this security risk.