Check Point Research (via) reveals that the vulnerability could allow a “local privilege escalation attack” from a third-party app. This means an app bearing a specific code could potentially access audio and AI-related information from the device. This also opens the possibility of eavesdropping on device owners. Fortunately, this vulnerability was never exploited and MediaTek has fixed the issue as of last month. The researchers at Check Point replicated the issue using a Xiaomi Redmi Note 9 5G. The team found that if a malicious app has system-level permissions, it could potentially “hide malicious code within the audio DSP chip itself.”

Customers who own devices with MediaTek’s chipset should update to the latest security version

As of right now, a complete list of impacted devices isn’t available. But the issue could impact devices featuring MediaTek’s Dimensity chipsets and potentially every SoC that uses the chipmaker’s Tensilica APU. Customers of MediaTek devices should ensure that their phones have the latest security patch. MediaTek reportedly worked closely with the research team to fix the vulnerabilities. Tiger Hsu, MediaTek’s Product Security Officer shared some details on this security bug. “Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.” MediaTek is one of the giants in the chipset industry with the company becoming the number one mobile chipset manufacturer (by volume) in Q2 2021. The chipmaker is also showing a renewed interest in the high-end mobile chipset segment as we saw with the introduction of the Dimensity 9000 series last week. The company is also releasing a new 5nm chipset known as the Dimensity 7000. Unlike the 4nm Dimensity 9000, this offering will make its way to mid-range offerings. However, it uses ARM’s v9 CPU core architecture, so it has a few things in common with the Dimensity 9000. If reports are accurate, this chipset could enable features like 75W fast charging on devices.