![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
![Apple Shares Official Teaser for 'Highest 2 Lowest' Starring Denzel Washington [Video]](https://www.iclarified.com/images/news/97221/97221/97221-640.jpg)
![Under-Display Face ID Coming to iPhone 18 Pro and Pro Max [Rumor]](https://www.iclarified.com/images/news/97215/97215/97215-640.jpg)
MediaTek Patches Multiple Vulnerabilities Affecting Tablets, Smartphones & TV Chipsets
MediaTek has released critical security patches addressing six significant vulnerabilities affecting a wide range of devices powered by their chipsets. The vulnerabilities, disclosed in the company’s May 2025 Product Security Bulletin, impact smartphones, tablets, AIoT devices, smart displays, audio systems, and TV chipsets running various versions of Android and other operating systems. High-Severity Remote DoS […] The post MediaTek Patches Multiple Vulnerabilities Affecting Tablets, Smartphones & TV Chipsets appeared first on Cyber Security News.
MediaTek has released critical security patches addressing six significant vulnerabilities affecting a wide range of devices powered by their chipsets.
The vulnerabilities, disclosed in the company’s May 2025 Product Security Bulletin, impact smartphones, tablets, AIoT devices, smart displays, audio systems, and TV chipsets running various versions of Android and other operating systems.
High-Severity Remote DoS Vulnerability – CVE-2025-20666
The most concerning flaw identified in this security update is CVE-2025-20666, rated as high severity. This vulnerability involves a reachable assertion in the Modem component (CWE-617) that could allow remote attackers to trigger a denial of service condition by exploiting an uncaught exception.
According to the bulletin, “this could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed”.
The vulnerability affects over 30 different chipsets, including popular models like MT6833, MT6877, MT6893, and others running Modem NR15 firmware.
Notably, this exploit requires no user interaction, making it particularly dangerous as targets may be unaware their device is being attacked.
MediaTek’s Medium-Severity Vulnerabilities
In addition to the high-severity flaw, MediaTek’s bulletin details five medium-severity vulnerabilities:
CVE-2025-20667 involves inadequate encryption strength (CWE-326) in the Modem component, potentially exposing user information to remote attackers if a device connects to a rogue base station.
This vulnerability affects dozens of chipsets running Modem LR12A, LR13, NR15, NR16, NR17, and NR17R firmware.
CVE-2025-20671 and CVE-2025-20668 are both out-of-bounds write vulnerabilities (CWE-787) in the thermal and SCP components, respectively. If an attacker already has system-level access privileges, these could enable local privilege escalation.
These vulnerabilities primarily affect devices running Android 14.0 and 15.0.
CVE-2025-20670 concerns improper certificate validation (CWE-295) in the Modem component, which could lead to permission bypass and remote information disclosure when connected to a rogue base station.
Finally, CVE-2025-20665 exposes device identifiers through file and directory information exposure (CWE-538) in the devinfo component, potentially leading to local information disclosure.
This vulnerability affects numerous chipsets running Android 13.0, 14.0, and 15.0.
Widespread Impact and Mitigation
The breadth of affected chipsets highlights the widespread nature of these vulnerabilities across MediaTek’s product portfolio.
Device manufacturers were notified of these issues and provided with corresponding security patches at least two months prior to public disclosure, following MediaTek’s responsible disclosure policy.
Users of MediaTek-powered devices are strongly advised to install the latest software updates from their device manufacturers as soon as they become available.
These patches are critical for mitigating the risk of exploitation, particularly for the high-severity CVE-2025-20666, which requires no user interaction for successful attacks.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
The post MediaTek Patches Multiple Vulnerabilities Affecting Tablets, Smartphones & TV Chipsets appeared first on Cyber Security News.
