Google engineers released the March security update for Android, which fixes more than 70 vulnerabilities, including critical ones. In particular, it fixes a critical bug in MediaTek processors that still threatens millions of devices.
The critical error CVE-2020-0032 has been fixed at security patch level 2020-03-01. This set of updates covers a total of 11 vulnerabilities in the Media Framework, the framework, and the system itself. The CVE-2020-0032 bug enables remote execution of arbitrary code and affects devices running Android 8.0, 8.1, 9, and 10.
“This vulnerability allows a remote attacker to execute arbitrary code in the context of a privileged process with the use of a specially crafted file,” clarifies Google.
Two more problems were fixed in the Media Framework (these are not the first Media Framework vulnerabilities, and they are similar to those fixed in the July update). Both are rated high severity and could lead to privilege escalation (CVE-2020-0033) and information disclosure (CVE-2020-0034). The first bug concerns Android 8.0, 8.1, 9 and 10, and the second affects only Android 8.0 and 8.1.
The second part of the March update, patch level 2020-03-05, contains patches for 60 vulnerabilities. These bugs affect the system, kernel components, FPC, MediaTek, as well as Qualcomm components (by the way, a rather old vulnerability that users ignore), including 40 vulnerabilities in components with closed source code (16 of them are rated as critical, and the rest have a high degree of risk).
One of the most serious problems fixed at the 2020-03-05 patch level is the vulnerability CVE-2020-0069. This issue is related to MediaTek components (namely, the MediaTek Command Queue driver) and can lead to privilege escalation.
According to XDA-Developers, the vulnerability was discovered back in April 2019, and MediaTek engineers released the patch shortly afterwards.
“Despite MediaTek making a patch available a month after discovery, the vulnerability is still exploitable on dozens of device models. Even worse, hackers are actively exploiting the vulnerability. Now MediaTek has turned to Google to close this patch gap and secure millions of devices against this critical security exploit,” write XDA-Developers specialists.
The problem is known to affect all of the manufacturer's 64-bit chips, which means that it is present in about two dozen MediaTek chipsets and threatens millions of Android devices. The vulnerability concerns MediaTek devices with Linux kernel versions 3.18, 4.4, 4.9 and 4.14, running Android versions 7 (Nougat), 8 (Oreo) or 9 (Pie).
Even worse, an exploit for this vulnerability, called MediaTek-su, has been available for over a year. It allows obtaining root rights on devices (until the device is rebooted). According to TrendMicro, malicious applications have been using this flaw to gain root access at least since January 2020.
“In particular, the vulnerability was used to collect information about the location of infected devices, battery status, list of installed applications, created screenshots, as well as for collecting data from WeChat, Outlook, Twitter, Facebook, Gmail and Chrome,” say TrendMicro specialists.
According to the XDA-Developers forums, the MediaTek-su exploit, originally designed solely for rooting Amazon Fire devices, works well against dozens of low-cost Android devices released by Acer, Huawei, Lenovo, LG, Sony, and ZTE.