The most critical vulnerability, CVE-2024-20154, affects 51 chipsets and allows out-of-bounds writes in MediaTek modems without user interaction. MediaTek describes it as critical.
MediaTek's modems play a significant role in connecting many devices, including smartphones from major brands and various IoT devices. This broad impact raises concerns.
Despite the serious nature of the vulnerabilities, there have been no reported exploits so far. MediaTek has released a patch, but widespread implementation remains uncertain.
The exploitability of the vulnerabilities varies, and concerns persist regarding potential compromises through rogue transmission towers, despite Google's recent patches for similar risks.
Collection
[
|
...
]