MediaTek reveals host of security vulnerabilities, so patch now - #CVE-2024-20154
The January 2025 cybersecurity landscape is marked by significant vulnerabilities in Android devices and MediaTek chipsets. Google's Android Security Bulletin addressed critical remote code execution flaws affecting millions of devices running Android 12 through 15, urging immediate updates. Concurrently, MediaTek disclosed a series of vulnerabilities, including a critical remote code execution bug (CVE-2024-20154) impacting 51 chipsets used in various devices from smartphones to IoT gadgets. This critical flaw could allow attackers to execute code remotely by connecting to a malicious base station. MediaTek's disclosure also included multiple high and medium-severity vulnerabilities. Both Google and MediaTek had informed their partners and manufacturers about these issues before public disclosure, allowing time for patch integration. Users of affected devices are strongly advised to apply the latest security updates to mitigate these risks.