The July 2023 Product Security Bulletin from Taiwanese chipmaker MediaTek describes security flaws impacting MediaTek chipsets for smartphones, tablets, AIoT, smart displays, smart displays, OTT, and Wi-Fi.
This security advisory provides details on 24 vulnerabilities, of which CVE-2023-20754 and CVE-2023-20755 have been classified as ‘High’ severity.
The vulnerability is tracked as CVE-2023-20754, integer overflow, or wraparound in keyinstall with a ‘high’ severity range. Due to an integer overflow, there may be an out-of-bounds write-in keyinstall.
This can result in the need for system execution privileges and local privilege escalation. Exploitation does not need user involvement.
Affected Chipsets: MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797.
Affected Software Versions: Android 11.0, 12.0, 13.0.
The improper input validation in keyinstall vulnerability is tracked as CVE-2023-20755, with a ‘high’ severity range where an integer overflow in keyinstall might result in an out-of-bounds write.
This could result in a local escalation of privilege with system execution rights needed. Exploitation doesn’t need user involvement.
Affected Chipsets: MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions: Android 11.0, 12.0, 13.0
The company added that device OEMs had been informed of all problems and the accompanying security updates at least two months before publishing.
“AI-based email security measures Protect your business From Email Threats!” – .
Brinker, an innovative narrative intelligence platform dedicated to combating disinformation and influence campaigns, has been…
A recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek…
A recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB), utilizing…
A newly discovered malware, dubbed Trojan.Arcanum, is targeting enthusiasts of tarot, astrology, and other esoteric…
A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the…
A sophisticated malware campaign has compromised over 1,500 PostgreSQL servers, leveraging fileless techniques to deploy…