While performing an analysis on Amazon Fire tablets, members of XDA Developers discovered the vulnerability, tracked as CVE-2020-0069.
This vulnerability has been open since April 2019 and has now been used in attack campaigns. Even though MediaTek released a patch, attackers continue to exploit the vulnerability by installing a malicious application on devices. All devices with the MediaTek 64-bit chipsets are vulnerable, including Motorola, OPPO, Sony, Alcatel, Amazon, ASUS, Blackview, Realme, Xiaomi, as well as others.
The execution of the vulnerability is accomplished through a script shared to give users superuser access. This also allowed attackers root access.
Google issued a patch as part of the March 2020 Android Security bulletin along with a separate critical bug, CVE-2020-0032 that would allow execution of arbitrary code as a privileged user. This vulnerability supplements CVE-2019-2215 and its link to SideWinder APT Group.