Critical MediaTek Vulnerability Patched by Google [CVE-2020-0069]

While performing an analysis on Amazon Fire tablets, members of XDA Developers discovered the vulnerability, tracked as CVE-2020-0069.

This vulnerability has been open since April 2019 and has now been used in attack campaigns. Even though MediaTek released a patch, attackers continue to exploit the vulnerability by installing a malicious application on devices. All devices with the MediaTek 64-bit chipsets are vulnerable, including Motorola, OPPO, Sony, Alcatel, Amazon, ASUS, Blackview, Realme, Xiaomi, as well as others.

The execution of the vulnerability is accomplished through a script shared to give users superuser access. This also allowed attackers root access.

Google issued a patch as part of the March 2020 Android Security bulletin along with a separate critical bug, CVE-2020-0032 that would allow execution of arbitrary code as a privileged user. This vulnerability supplements CVE-2019-2215 and its link to SideWinder APT Group.

IOCs

  • ec4d6bf06dd3f94f4555d75c6daaf540dee15b18d62cc004e774e996c703cb34
  • a60fc4e5328dc75dad238d46a2867ef7207b8c6fb73e8bd001b323b16f02ba00
  • 0daefb3d05e4455b590da122255121079e83d48763509b0688e0079ab5d48886
  • 441d98dff3919ed24af7699be658d06ae8dfd6a12e4129a385754e6218bc24fa
  • ac82f7e4831907972465477eebafc5a488c6bb4d460575cd3889226c390ef8d5
  • ee679afb897213a3fd09be43806a7e5263563e86ad255fd500562918205226b8
  • 135cb239966835fefbb346165b140f584848c00c4b6a724ce122de7d999a3251
  • a265c32ed1ad47370d56cbd287066896d6a0c46c80a0d9573d2bb915d198ae42

C&C Servers

  • ms-ethics.net
  • deb-cn.net
  • ap1-acl.net
  • ms-db.net
  • aws-check.net
  • reawk.net

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: