MediaTek security vulnerability allowed root access on devices from Nokia, Amazon, BLU, Sony, ZTE, and others
Security vulnerabilities are unfortunately extremely common in smartphones, given the complexity and varying codebases of most devices. That's why Google has been releasing monthly security patches for years, and if you needed another reason for why those updates are so important, the March 2020 release fixes a critical flaw on many MediaTek devices.
One of the vulnerabilities fixed in the March security patch is CVE-2020-0069, a security flaw that affects the Command Queue driver on devices with certain MediaTek processors. As XDA Developers pointed out in an investigative piece, the vulnerability was first discovered in February 2019 by a developer looking for a way to root Amazon's Fire tablets. The developer, known as 'diplomatic' on the XDA Forums, later released a script that used the vulnerability to temporarily gain root access on Fire tablets.
It was later discovered that the vulnerability, nicknamed 'MediaTek-su,' was also present on many other phones and tablets using MediaTek processors.