Google has disclosed a severe vulnerability affecting dozens of models of mid-range Android devices running on chips from MediaTek. Malicious Android apps have been exploiting the flaw since at least January 2020.
The elevation-of-privilege flaw, tracked as CVE-2020-0069, is disclosed in Google’s March 2020 Android bulletin and affects the MediaTek Command Queue driver.
The dangerous part about this bug is that an exploit has been floating around for almost a year called ‘MediaTek-su’, which enables temporary root access on a large number of MediaTek chips.