Google Claims That Google and Other Android Manufacturers Have Not Addressed Security Flaws

November 29, 2022

Google has uncovered many security problems in phones equipped with Mali GPUs, such as those equipped with Exynos SoCs. According to the company’s Project Zero team, the issues were reported to ARM (which designs the GPUs) in the summer. In July and August, ARM rectified the problems. However, as of early this week, smartphone makers such as Samsung, Xiaomi, Oppo, and Google itself had not issued updates to address the vulnerabilities, according to Project Zero.

In June and July, researchers discovered five additional concerns and immediately reported them to ARM. “One of these issues led to kernel memory corruption, one led to physical memory addresses being disclosed to userspace and the remaining three led to a physical page use-after-free condition,” Project Zero’s Ian Beer stated in a blog post. “These would enable an attacker to continue to read and write physical pages after they had been returned to the system.”

Beer stated that an attacker could gain complete access to a device, circumventing Android’s permissions model and gaining “broad access” to a user’s data. The attacker could do this by forcing the kernel to reuse the physical pages described above as page tables.

Three months after ARM corrected these weaknesses, Project Zero discovered that all of the team’s test devices were still vulnerable to the flaws. The flaws had not been noted “in any downstream security bulletins” from Android makers as of Tuesday.

“The fix provided by ARM is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks,” a Google official told a credible source. “Android OEM partners will be required to take the patch to comply with future SPL requirements.”

According to another reliable source, these vulnerabilities do not impact Samsung’s Galaxy S22 series devices or the company’s Snapdragon-powered cell phones.
