MediaTek, a Taiwanese company that manufactures a wide range of chips for smartphones and other IoT devices, has released security updates to address dangerous vulnerabilities that could allow malicious Android apps to record sound and spy on phone owners.

Malicious applications installed on the device can interact with the MediaTek audio driver. Applications can send malicious messages to MediaTek's firmware in order to gain control of the driver and then use it to eavesdrop on any audio stream passing through the device.

Three issues were fixed in October (CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663), and the fourth (CVE-2021-0673) will receive a fix next month.

Source: securitylab.ru