XDA developers are full of users with technical knowledge to create, improve and repair entire Android-based systems. Modders, users who make modifications to devices with the Google system remove bloatware, update ROMs or are able to bring devices that no longer work to life.
However, an XDA modder found an exploit in the Mediatek chipsets, in many Mediatek chipsets. The modder was using this vulnerability to unlock the boot loaders for Amazon Fire tablets, which is quite in demand, as this allows you to install the Google Play Store on Amazon tablets.
Through this research by the developer, XDA realized that this vulnerability, dubbed Mediatek-su, could potentially allow a hacker to do just about anything on a victim's smartphone that uses a device with Mediatek processors.
We are talking about everything from installing applications, changing permissions for existing applications and accessing private data. This discovery took place in early February, and after research was done, Mediatek was found to have known the problem almost ten months ago.
Mediatek released a patch for its chipsets to correct this vulnerability, however, Mediatek manufactures chipsets, not smartphones, so it is up to the device manufacturer to send this patch for its products.
As expected, Amazon did just that, immediately released a correction. But Mediatek processors are used in hundreds of different smartphones and tablets from dozens of manufacturers. Many of these companies have no resources or motivation to issue Android updates, even the most critical ones.
With a potential risk to various devices, XDA assumed that Google would use its influence to force manufacturers to release the fix for Mediatek soon.-su. However, Google told XDA not to publish anything about it until today, the day that Google would launch the Android Security Bulletin in March 2020.
Google's assumption was that if as few people as possible knew about the vulnerability until the patch came, the danger would be mitigated. Of course, Google could also have released an extra newsletter to let you know about the problem and its correction. That would be more than fair, after all, the problem has existed for months.
Above all, it is still up to the manufacturers to correct this problem completely, and many of them simply do not. Unfortunately, this means that there are probably thousands (or possibly millions) of devices that are, from now on, completely vulnerable.
This means that things like ransomware, adware and other extremely problematic software hacks can infect these devices to an alarming degree. Mediatek's processors are mainly used in medium and low budget devices. This means that many more people are now with vulnerable devices.
See if your Android device is one of the devices affected by Mediatek-su. The XDA Developers user claims that the vulnerability is present in "virtually all MediaTek 64-bit chips" and specifically names the following processors as vulnerable: MT6735, MT6737, MT6738, MT6739, MT6750, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6771, MT6779, MT6795, MT6797, MT6799, MT8163, MT8167, MT8173, MT8176, MT8183, MT6580 and MT6595.
Just to give you an idea, the processors MT6735, MT6750 and MT6580 added up to almost 400 different smartphones.