rootkit vulnerability Archives - CISO MAG

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the accelerated-mobile-pages domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Deprecated: Optional parameter $options declared before required parameter $ad is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/advanced-ads/classes/display-conditions.php on line 208

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the easy-digital-downloads domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd_cfm domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edds domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd-recurring domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Deprecated: Optional parameter $params declared before required parameter $secretWord is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/edd-2checkout/sdk/lib/Twocheckout/TwocheckoutReturn.php on line 6

Deprecated: Optional parameter $insMessage declared before required parameter $secretWord is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/edd-2checkout/sdk/lib/Twocheckout/TwocheckoutNotification.php on line 6

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd-recurring domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the Newsmag domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Warning: Cannot modify header information - headers already sent by (output started at /www/cisomagcom_810/public/wp-includes/functions.php:6121) in /www/cisomagcom_810/public/wp-content/themes/Newsmag/functions.php on line 616

Warning: Cannot modify header information - headers already sent by (output started at /www/cisomagcom_810/public/wp-includes/functions.php:6121) in /www/cisomagcom_810/public/wp-includes/feed-rss2.php on line 8
rootkit vulnerability Archives - CISO MAG | Cyber Security Magazine Beyond Cyber Security Fri, 06 Mar 2020 15:40:33 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.1 Google Fixes MediaTek Rootkit Vulnerability https://staging-cisomagcom.kinsta.cloud/google-fixes-mediatek-rootkit-vulnerability/ Fri, 06 Mar 2020 18:04:51 +0000 https://staging-cisomagcom.kinsta.cloud/?p=5212 After almost a year since its discovery, a critical vulnerability affecting millions of Android devices using MediaTek chips (now tracked as CVE-2020-0069) has been finally fixed by Google. The issue was first reported on the XDA forum, one of the largest forums for Android software modifications, back in April 2019. The MediaTek Vulnerability The Amazon […]

The post Google Fixes MediaTek Rootkit Vulnerability appeared first on CISO MAG | Cyber Security Magazine.

]]> After almost a year since its discovery, a critical vulnerability affecting millions of Android devices using MediaTek chips (now tracked as CVE-2020-0069) has been finally fixed by Google. The issue was first reported on the XDA forum, one of the largest forums for Android software modifications, back in April 2019.

The MediaTek Vulnerability

The Amazon Fire tablets are heavily guarded, and the tablet manufacturer does not provide an official method to unlock the bootloader of Fire tablets. The only way to root the Fire tablet without hardware modifications is to find a loophole in the software itself that bypasses Android’s security model. An active member of the forum did just that and hit the bull’s eye only to discover that the exploit had a greater outreach and not just limited to the Amazon Fire Tablet.

The exploit was successfully tested on all MediaTek 64-bit chipsets used in several devices including Motorola, OPPO, Sony, Alcatel, Amazon, ASUS, Blackview, Realme, Xiaomi, and more. On gaining root shell access and privileges, an attacker can install a malicious application on the device and have unrestricted access to all the files including private data directories.

This was a grave concern and thus reported to MediaTek immediately. However, XDA states that although MediaTek released a security patch to fix the issue in a month’s time, it was continued to be exploited in the wild by many hacking groups until recently.

Google’s Helping Hand

Failing to fix the issue and considering the high severity of it, in February 2020, MediaTek turned to Google for a helping hand. Google’s engineers obliged as it also affected its flagship Android mobile device brand – Pixel. On March 3, 2020, Google released an Android Security Bulletin for March 2020 in which it announced the fixture of over 70 various issues affecting its Android devices including CVE-2020-0069.

Earlier in 2019, Google’s security researchers discovered that an iPhone could be turned into a surveillance tool exposing a victim’s sensitive information including contacts, Live Location, chat history, emails, photos, and passwords. A total of fourteen vulnerabilities spread across five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes were discovered and later fixed.

The post Google Fixes MediaTek Rootkit Vulnerability appeared first on CISO MAG | Cyber Security Magazine.

]]>