Report Security Vulnerability

Report Security Vulnerability

At MediaTek we take security concerns and vulnerabilities extremely seriously, and always seek to respond appropriately to reports. If you have found a potential security issue in any MediaTek product or software, please contact us via our dedicated contact forms linked below.

Report Details

The following information will help us to evaluate your submission as quickly as possible and can be submitted directly via email:

  • Product(s) and software version(s) affected
  • Vulnerability overview (buffer overflow, integer overflow, …)
  • Issue description and impact (arbitrary code execution, information disclosure, …)
  • Instructions to how to reproduce the issue
  • A proof-of-concept (PoC)

Publication of Vulnerabilities

We regularly issue security bulletins to our customers in order to share security vulnerabilities and related code modifications. Such communications will oftentimes include attributions to reporters of those vulnerabilities unless those reporters request otherwise.


How fast will you address security vulnerabilities?
We aim to address security issues and communicate them to our stakeholders within 90 days (e.g. through security bulletins). While we strive to meet this deadline every time, there maybe unforeseen factors that prevent us from doing so. We will do our best to keep you updated throughout this process when appropriate.

Will I have to sign some kind of Non-Disclosure Agreement?

Can I submit vulnerability information anonymously?
Yes, if you wish to stay anonymous we respect your privacy. Our contact form only requires an email to enable us to reply. It does not require a name or other personally identifying information in a submission. We do not keep further records of your identity in any further communication regarding the matter.

Will you credit researchers for reporting vulnerabilities in MediaTek website / IT system?
Yes, please visit MediaTek IT Security Acknowledgements.