Cybersecurity researchers have identified a vulnerability in millions of Android devices that use MediaTek chipsets. The vulnerability, tracked as CVE-2024-20017, allows remote code execution without requiring user interaction.
Vulnerability affecting MediaTek chipsets
Attackers can exploit this vulnerability by infiltrating the wireless network to which the target device is connected. This attack method, described as “zero-click”, is highly dangerous because it does not require users to click on any links or download files.
The vulnerability was found in MediaTek’s “wappd” software, which manages Wi-Fi interfaces and access points. Rated 9.8 on the CVSS scale, it affects devices using MediaTek SDK 7.4.0.1 and earlier. This means that many Android phones and tablets are at risk.
Although an update has been released by MediaTek, code for exploiting the vulnerability is already available online. This suggests that cyber attackers may attempt to exploit the vulnerability to take over devices.
Experts warn users to install the latest software updates on their devices and avoid public Wi-Fi networks whenever possible. Additional precautions can also be taken, such as using mobile data in public areas or activating airplane mode.
Owners of devices with MediaTek chipsets should be extra careful. Devices with Qualcomm Snapdragon chipsets are not exposed to this risk.