MediaTek Patches Multiple Flaws Affecting Tablets, Smartphones & TV Chips

The vulnerabilities, disclosed in the company’s May 2025 Product Security Bulletin, impact smartphones, tablets, AIoT devices, smart displays, audio systems, and TV chipsets running various versions of Android and other operating systems.

CVE-2025-20670 concerns improper certificate validation (CWE-295) in the Modem component, which could lead to permission bypass and remote information disclosure when connected to a rogue base station.

According to the bulletin, “this could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed”. This vulnerability involves a reachable assertion in the Modem component (CWE-617) that could allow remote attackers to trigger a denial of service condition by exploiting an uncaught exception. The vulnerability affects over 30 different chipsets, including popular models like MT6833, MT6877, MT6893, and others running Modem NR15 firmware. This vulnerability affects dozens of chipsets running Modem LR12A, LR13, NR15, NR16, NR17, and NR17R firmware.

Device manufacturers were notified of these issues and provided with corresponding security patches at least two months prior to public disclosure, following MediaTek’s responsible disclosure policy.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 13:35:09 +0000

