Google has uncovered many security problems in phones equipped with Mali GPUs, such as those equipped with Exynos SoCs. According to the company’s Project Zero team, the issues were reported to ARM (which designs the GPUs) in the summer. In July and August, ARM rectified the problems. However, as of early this week, smartphone makers such as Samsung, Xiaomi, Oppo, and Google itself had not issued updates to address the vulnerabilities, according to Project Zero.
In June and July, researchers discovered five additional concerns and immediately reported them to ARM. “One of these issues led to kernel memory corruption, one led to physical memory addresses being disclosed to userspace and the remaining three led to a physical page use-after-free condition,” Project Zero’s Ian Beer stated in a blog post. “These would enable an attacker to continue to read and write physical pages after they had been returned to the system.”
Beer stated that a hacker may acquire complete access to a machine by circumventing Android’s permissions architecture and gaining “broad access” to a user’s data. The attacker might do this by compelling the kernel to reuse the previously specified physical pages as page tables.
Three months after ARM corrected these weaknesses, Project Zero discovered that all of the team’s test devices were still vulnerable to the flaws. The flaws had not been noted “in any downstream security bulletins” from Android makers as of Tuesday.
“The fix provided by ARM is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks,” a Google official told a credible source. “Android OEM partners will be required to take the patch to comply with future SPL requirements.”
The source said these vulnerabilities do not impact Samsung’s Galaxy S22 series devices or the company’s Snapdragon-powered cell phones, according to another reliable source.
- Can Your Company Blog Be Featured In Google News? - December 20, 2023
- Bringing Back Vision: Smart Glasses Help the Blind “See” Through Sound - November 2, 2023
- Apple intends to largely push generative AI into its devices and services - October 25, 2023