Exploiting MediaTek's Download Agent
Summary
This is a deep-dive security write-up by Roger Ortiz detailing vulnerabilities in MediaTek's Download Agent (DA), which is used in modern Dimensity devices. It describes two exploit paths, an XML expansion overflow and a USB download overflow, and explains how heap manipulation can lead to code execution. It then covers the payload workflow (hakujoudai) and the patches with their CVEs. The piece also covers defensive mitigations and patch timelines.