latest
Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months
A critical flaw in MediaTek processors went unpatched in devices due to OEM neglect. Google hopes the March 2020 Android Security Bulletin will fix this.
On the first Monday of every month, Google publishes the Android Security Bulletin, a page that discloses all the security vulnerabilities and their patches submitted by Google themselves or other third-parties. Today was no exception: Google just made public the Android Security Bulletin for March 2020. One of the vulnerabilities that are documented in the latest bulletin is CVE-2020-0069, a critical security exploit, specifically a rootkit, that affects millions of devices with chipsets from MediaTek, the large Taiwanese chip design company. Although the March 2020 Android Security Bulletin is seemingly the first time that CVE-2020-0069 has been publicly disclosed, details of the exploit have actually been sitting openly on the Internet—more specifically, on the XDA-Developers forums—since April of 2019. Despite MediaTek making a patch available a month after discovery, the vulnerability is still exploitable on dozens of device models. Even worse, the vulnerability is actively being exploited by hackers. Now MediaTek has turned to Google to close this patch gap and secure millions of devices against this critical security exploit.
[UPDATE: OTA Fix Coming] Blu's Software Update is Locking People out of Their Phones
Blu reportedly pushed a botched software update that resets the device PIN/pattern, effectively owners out of their phones.
Update 12/04/2017: Blu has officially announced that an OTA fix for affected Blu Life One X2 devices will be pushed soon. This fix is only meant for affected users which haven't yet done a factory reset to fix said issue. If you have an affected device, send an email to escalations@bluproducts.com and be on the lookout for an OTA update coming to your device.