Millions of Android devices are at risk of cyberattacks due to their slow and cumbersome operation patching (Opens in a new tab) A process that plagues the decentralized mobile platform.
Cybersecurity researchers from Google’s Project Zero team have discovered a total of five vulnerabilities affecting the Arm Mali GPU driver.
The flaws are grouped under two identifiers – CVE-2022-33917 and CVE-202236449, and they allow threat actors a myriad of options, from accessing free memory partitions, to writing out of buffer boundaries. They all received a “moderate” severity score.
More OEMs, slower patches
The flaws have since been patched, but device manufacturers have yet to apply those patches to endpoints (Opens in a new tab). Unlike Apple, which is the sole maker of both hardware and software for the iPhone mobile system, Google is not the only company that makes software and hardware for Android.
Besides Google with its Pixel phone, there are a fairly large number of smartphone manufacturers making Android devices, such as Samsung, LG, Oppo, and many more. All of these companies have their own modified versions of Android, and their own way of handling the hardware. However, when a vulnerability is discovered, each OEM must apply the patch to their own device. This may take some time, as these patches can sometimes conflict with device drivers or other components.
And that’s exactly the problem here.
The flaws affect Arm’s Mali GPU drivers codenamed Valhall, Bifrost, and Midgard, and affect a long list of devices, including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro, and many, many more. Other. . The entire list can be found over here (Opens in a new tab).
For now, there is nothing users can do other than wait for their manufacturers to apply the patch, as it should be delivered to the OEMs within a few weeks.
Across: Computer (Opens in a new tab)