Mediatek Releases Patch To Fix Eavesdropping Bugs

Mediatek, a semiconductor manufacturer, has released a patch to address several vulnerabilities that allow attackers to intercept Android phone calls, execute commands, or elevate their privileges to a higher level.

The vulnerabilities include CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, which were all fixed in October, and CVE-2021-0673, which will be fixed in the upcoming update.

Since 43% of smartphones use Mediatek chips, the bug ensures that these devices are vulnerable to eavesdropping or malware infections while the update is not installed.

With these vulnerabilities in the hands of an attacker, several malicious activities could be carried out, including local privilege escalation attacks, sending messages to the DSP firmware, and most recently executing hidden code on the DSP chip.

Those using a MediaTek device that works on an older patch level should install mobile protection software from a verified vendor and refrain from risky practices such as installing APKs outside the Play Store.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web