A global infrastructure technology leader built on more than 60 years of innovation, collaboration and engineering excellence.
MediaTek Incorporated (TWSE: 2454) is a global fabless semiconductor company that enables nearly 2 billion connected devices a year. We are a market leader in developing innovative systems-on-chip (SoC) for mobile, home entertainment, connectivity and IoT products. Our dedication to innovation has positioned us as a driving market force in several key technology areas, including highly power-efficient mobile technologies, automotive solutions and a broad range of advanced multimedia products such as smartphones, tablets, digital televisions, 5G, Voice Assistant Devices (VAD) and wearables. MediaTek empowers and inspires people to expand their horizons and achieve their goals through smart technology, more easily and efficiently than ever before. We work with the brands you love to make great technology accessible to everyone, and it drives everything we do. Visit www.mediatek.com for more information. ALERT: MediaTek, along with other companies, have been the victim of unscrupulous individuals fraudulently purporting to be recruiters by fabricating job descriptions and extending spurious offers of employment in an effort to obtain sensitive personal information. We are currently working with authorities to investigate all wrong doings. If you believe you have been a victim, please contact [email protected]. Any interested candidates for worldwide positions at MediaTek are asked to apply only through mediatek.com, or via the applicable posting directly on LinkedIn.
Security & Compliance Standards Overview
Broadcom has 150.0% more incidents than the average of same-industry companies with at least one recorded incident.
No incidents recorded for MediaTek in 2025.
Broadcom cyber incidents detection timeline including parent company and subsidiaries
MediaTek cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
