The “Project Zero” team at Google has released a blog post warning about the vulnerability of Mali GPUs. Which are present in millions of Android smartphones.
Google has discovered a number of security flaws in Mali graphic chips found in some Samsung Exynos chips, Dimensity chips from MediaTek, and even Tensors chips from Google itself. A significant security issue that companies were slow to address.
Android smart phones are getting significant updates. These signify the upgrade to a new Google OS version, with a custom user UI designed by the smart phone’s maker. Both the minor updates and the security patch updates are equally critical. Depending on the product, they arrive every month, every two months, or every quarter.
Manufacturers exert every effort to release a patch and thereby fill the bug when they are made aware of it. Unfortunately, as the Google Project Zero team said in their blog post, it doesn’t always work out that way.
Security professionals did in fact alert ARM, the company that creates the chips used in our devices, to the issue in June and July of last year. A month later, the business targets security flaws affecting its Mali GPUs. Unfortunately, no Android smart phone company has yet to adopt this strategy and apply security updates.
By coding an app to circumvent Android’s permissions system, hackers can exploit the bug to gain full OS access.
This Pixel 6 vulnerability was discovered by the Google security team. However, it hasn’ get a fix yet by the company. As of this writing, no smart phone brand with Mali GPU has released a patch. Therefore the other companies aren’t faring much better.
In question are the following brands: Google, Samsung, Xiaomi, and Oppo. Not all Samsung smart phones with Exynos processors are having this problem, it should be noted. The Galaxy S22 does indeed have an Xclipse 920 GPU rather than a Mali GPU.
Google reminds readers in its blog post’s conclusion to update their Android phones. As soon as the companies makes one available. To address security flaws, they still need to be more proactive.
