Researchers have discovered four Mediatek vulnerabilities that, if successfully exploited would have permitted malicious hackers to perform a series of actions like Android phone calls eavesdropping, commands execution and increased rights elevation. Three of the discovered flaws were fixed by the company along with the Mediatek Security Bulletin from last month and the fourth will be addressed by next month’s security update.
The Mediatek Vulnerabilities: More Details
The Mediatek vulnerabilities were identified by CheckPoint researchers and these have the following CVEs: CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663, these are caused by an inaccurate bound check that triggers local privilege escalation through the possibility of an out of bound write and the fourth dubbed CVE-2021-0673 for which no details have been provided yet, these being expected next month.
How did the researchers discover these vulnerabilities?
According to their report, a DSP, which means Digital Signal Processor, is the name of the dedicated audio processing unit that is used in modern MediaTek processors. Its role is to work on better performance of the CPU, thus reducing loads, and also works on the performance and quality enhancement of the audio playback.
Android applications transmit audio processing requests to this unit by means of an IPC