Critical MediaTek Vulnerability Patched by Google [CVE-2020-0069]
While performing an analysis on Amazon Fire tablets, members of XDA Developers discovered the vulnerability, tracked as CVE-2020-0069.
This vulnerability has been open since April 2019 and has now been used in attack campaigns. Even though MediaTek released a patch, attackers continue to exploit the vulnerability by installing a malicious application on devices. All devices with the MediaTek 64-bit chipsets are vulnerable, including Motorola, OPPO, Sony, Alcatel, Amazon, ASUS, Blackview, Realme, Xiaomi, as well as others.
The execution of the vulnerability is accomplished through a script shared to give users superuser access. This also allowed attackers root access.
Google issued a patch as part of the March 2020 Android Security bulletin along with a separate critical bug, CVE-2020-0032 that would allow execution of arbitrary code as a privileged user. This vulnerability supplements CVE-2019-2215 and its link to SideWinder APT Group.
IOCs
- ec4d6bf06dd3f94f4555d75c6daaf540dee15b18d62cc004e774e996c703cb34
- a60fc4e5328dc75dad238d46a2867ef7207b8c6fb73e8bd001b323b16f02ba00
- 0daefb3d05e4455b590da122255121079e83d48763509b0688e0079ab5d48886
- 441d98dff3919ed24af7699be658d06ae8dfd6a12e4129a385754e6218bc24fa
- ac82f7e4831907972465477eebafc5a488c6bb4d460575cd3889226c390ef8d5
- ee679afb897213a3fd09be43806a7e5263563e86ad255fd500562918205226b8
- 135cb239966835fefbb346165b140f584848c00c4b6a724ce122de7d999a3251
- a265c32ed1ad47370d56cbd287066896d6a0c46c80a0d9573d2bb915d198ae42
C&C Servers
- ms-ethics.net
- deb-cn.net
- ap1-acl.net
- ms-db.net
- aws-check.net
- reawk.net
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.