• MediaTek reveals host of security vulnerabilities, so patch now

    From TechnologyDaily@1337:1/100 to All on Tuesday, January 07, 2025 12:15:05

    Date:
    Tue, 07 Jan 2025 12:03:00 +0000

    Description:
    A dozen flaws, including a critical-severity RCE, were found affecting multiple MediaTek chipsets.

    FULL STORY ======================================================================
    MediaTek releases security advisory detailing 13 vulnerabilities
    Among them is a critical-severity RCE, plaguing 51 chipsets
    Flaws have been addressed and patches are available, so update now

    MediaTek has disclosed more than a dozen vulnerabilities affecting various elements of its products.

    Among the flaws is a remote code execution (RCE) vulnerability affecting the modem component, found in 51 chipsets. Tracked as CVE-2024-20154, it was given a critical severity rating, although the exact score was not disclosed (it's somewhere in the 9.0-10.0 range).

    "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed," MediaTek explained in its security advisory. "User interaction is not needed for exploitation."

    No evidence of abuse

    While the list of affected chipsets is fairly extensive and includes devices used in IoT gear, Chromebooks, cars, and smartphones, the number of software versions is only six. The entire list can be found on this link.

    Among the other flaws are seven that were rated as high severity, including privilege escalations, denial of service, remote code execution, information leakage, and more. MediaTek said it notified device manufacturers two months ago, suggesting that the vulnerabilities have since been patched for the most part.

    Prior to this January 2025 update, MediaTek addressed critical
    vulnerabilities in its chipsets in November 2024. That Product Security Bulletin detailed several high-severity vulnerabilities, including CVE-2024-20104 and CVE-2024-20106, which could lead to privilege escalation and arbitrary code execution. These flaws affected a range of chipsets, and users were advised to apply the latest security updates as soon as possible.

    At press time, there was no evidence that any of these flaws were being
    abused in the wild. However, since threat actors will often scan the internet for endpoints vulnerable to known flaws, users are advised not to delay the patch.

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/mediatek-reveals-host-of-security-vulnerabilities-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)