MediaTek has confirmed that the Android devices based on its chipsets suffer from a security flaw. The chipmaker reveals that a software bug has impacted only Android 4.4 KitKat based devices.

MediaTek had opened backdoor in software for operators in China to test the devices on their networks. But OEMs who had been using the MediaTek chipset missed out on closing the door and sold the devices to consumers without checking it. The flaw leaves several Android users open to attack.

“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China,” a MediaTek spokesperson told Gadgets 360.

The chipmaker didn’t divulge more details about the flaw, how many devices were impacted or which OEMs were responsible for the issue. The company adds that it has informed all manufacturers about fixing the issue.

It’s worth pointing out that Android 4.4 KitKat still dominates the Android distribution chart. According to the latest figures, Android 4.4 KitKat is running on 36.1 percent of Android devices.

“While this issue affected certain manufacturers, it also only affected a portion of devices for those manufacturers. We have taken steps to alert all manufacturers and remind them of this important feature,” the company said.

The bug was first spotted by a security researcher Justin Case last month. According to Case, the bug can allow an attacker to enable root access on the device. Attackers could access personal information from the affected device, or monitor communications or even brick the phone.