MediaTek has released a security advisory highlighting 13 vulnerabilities found in its products, including a critical-severity remote code execution (RCE) flaw affecting 51 chipsets. The RCE vulnerability in the modem component, labeled as CVE-2024-20154, has been deemed as critical. Although the exact severity score has not been disclosed, it falls within the 9.0-10.0 range according to reports.

The vulnerability arises from a potential out-of-bounds write in the Modem component, allowing for remote code execution when a user equipment (UE) connects to a malicious base station controlled by an attacker. No additional execution privileges are required for exploitation, and user interaction is unnecessary as well.

The impacted chipsets span various devices like IoT gadgets, Chromebooks, cars, and smartphones, with six software versions affected. MediaTek has reported seven other high-severity flaws, encompassing privilege escalations, denial of service, information leakage, and more.

Device manufacturers were informed about these vulnerabilities two months ago, leading to subsequent patches being developed. Prior critical vulnerabilities were addressed by MediaTek in November 2024 through a Product Security Bulletin. These vulnerabilities, such as CVE-2024-20104 and CVE-2024-20106, could potentially result in privilege escalation and arbitrary code execution, urging users to update their security promptly.

Despite these vulnerabilities, there is no current evidence of exploitation in the wild. Nonetheless, users are advised to apply the latest security patches promptly to safeguard their devices from potential threats. Further information can be found in the original report from The Register.

For more related content, you may be interested in:
– Awareness regarding major security concerns in various top 5G phones
– A compilation of some of the best antivirus tools available
– Recommendations for the best endpoint protection tools currently on the market.