Report Security Vulnerability

MediaTek takes security concerns and vulnerabilities extremely seriously, and always seeks to respond appropriately to reports.

Report Details

The following information will help us to evaluate your submission as quickly as possible and can be submitted directly via email:
  • Product(s) and software version(s) affected
  • Vulnerability overview (buffer overflow, integer overflow, …)
  • Issue description and impact (arbitrary code execution, information disclosure, …)
  • Instructions to how to reproduce the issue
  • A proof-of-concept (PoC)

Please send the security report to: security@mediatek.com

Publication of Vulnerabilities

We regularly issue security bulletins to our customers in order to share security vulnerabilities and related code modifications. Such communications will oftentimes include attributions to reporters of those vulnerabilities unless those reporters request otherwise.

FAQ

1. How fast will you address security vulnerabilities?
We aim to address security issues and communicate them to our stakeholders within 90 days (e.g. through security bulletins). While we strive to meet this deadline every time, there maybe unforeseen factors that prevent us from doing so. We will do our best to keep you updated throughout this process when appropriate.

2. Will I have to sign some kind of Non-Disclosure Agreement?
No

3. Can I submit vulnerability information anonymously?
Yes, if you wish to stay anonymous we respect your privacy. We only require an email to enable us to reply. We do not require a name or other personally identifiable information in a submission. We do not keep further records of your identity in any further communication regarding the matter.

4. Will you credit researchers for reporting vulnerabilities in MediaTek website / IT system?
Yes, please visit MediaTek IT Security Acknowledgements.

5. How does MediaTek rate a vulnerability?
MediaTek currently rates and evaluates the severity level of identified vulnerabilities based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1). In the specific cases where additional factors are not properly captured in the CVSS score, we reserve the right to deviate from these guidelines.