Last year, XDA developers found a vulnerability that was attempting to root an Amazon Fire tablet. Later, an XDA developer user uploaded a script that employed the vulnerability to gain root access to the fire tablets.
This vulnerability, named MediaTek-SU, was later found in other phones and tablets powered by MediaTek processors. It allows the malicious application to take full control of the device, giving it the ability to change permissions, access private data, and lots more. A recent report by the XDA developers details all the affected devices.
Since MediaTek processors are mainly used in mid-range and low-end devices, some companies don’t have the resources to offer an update to fix this. Hence, there are still several devices that are vulnerable.
Last month, TrendMicro published a report referring to the same vulnerability. The report claimed that a number of play store applications used MediaTek-SU or CVE-2019-2215 to gain root access on a vulnerable device. Later on, all these applications were removed by Google.
With so many devices running on Android topped with varying and complex codebases, security vulnerabilities are pretty common and are being exploited. There is no way to completely eliminate them; however, keeping your device updated at all times might keep you safe from most vulnerabilities.
If you want to check whether your device is vulnerable, you can run the original root script from XDA developers. If the device enters the root shell, it is vulnerable.