At MediaTek we take security concerns and vulnerabilities very seriously, and always seek to respond appropriately. If you have found a potential security issue in any MediaTek product or software, please contact us via our specialised security contact form that will automatically direct your request to the appropriate security team.

Report Details

The following information will help us to evaluate your submission as quickly as possible. Please include in your report:

• Product(s) and Software version(s) affected
• Vulnerability Overview (buffer overflow, integer overflow, …)
• Issue Description and Impact (arbitrary code execution, information disclosure, …)
• Instructions to reproduce the issue
• A proof-of-concept (PoC)

Publication of Vulnerabilities

We regularly issue security bulletins to our customers in order to share security vulnerabilities and related code modifications. Such communications will oftentimes include attributions to reporters of those vulnerabilities unless those reporters request otherwise.

FAQ

How fast will you address security vulnerabilities?
We aim to address security issues and communicate them to our stakeholders within 90 days (e.g. through security bulletins). While we strive to meet this deadline every time, thre maybe unforseen factors that prevent us from doing so. We will do our best to keep you updated throughout this process when appropriate.

Will I have to sign some kind of Non-Disclosure Agreement?
No

Can I submit vulnerability information anonymously?
We respect privacy, if you wish to stay anonymous our contact form does not require a name or other personally identifying information to submit the contact form. We will not have further records of you identity in any further communication regarding the matter.

Hall of Fame

In respect to those who have contacted and assisted MediaTek to identify security concerns, we would like to thank the following: