Google and other Android manufacturers have not fixed the flaws in the security system – despite having discovered them as early as the summer of 2022


Project Zero – Google’s zero-day vulnerability research group – suggests that millions of phones with Mali GPUs are at risk of exploitation, despite ARM providing a patch months ago.

Experts report 5 security flaws affecting phones with Mali GPUs, in particular those with Exynos SoCs. Project Zero says it notified ARM (the company that makes the graphics processors) about the flaws back in the summer, and ARM addressed them in July and August. However, smartphone manufacturers, including Samsung, Xiaomi, Oppo and Google itself, had yet to issue a patch to address the vulnerabilities as of earlier this week.

“One of these issues led to kernel memory corruption, another to physical memory addresses being exposed in user space, and the remaining three to a Use-After-Free physical page. This would allow attackers to continue reading and writing physical pages after they are returned to the system,” Ian Beer of Project Zero wrote in a blog post.

Beer noted that a hacker could gain full system access, bypassing Android’s permission model and gaining “broad access” to user data, specifically by forcing the kernel to reuse the aforementioned physical pages as page tables.

Project Zero says that three months after ARM fixed the issues, all test devices are still vulnerable to the flaws. As of Tuesday, the vulnerability had not been mentioned in “any future security bulletins” from Android manufacturers.



Google, Samsung, Oppo and Xiaomi have yet to comment on when they will roll out the patch to their Android devices or why it has taken so long. As SamMobile points out, Samsung’s Galaxy S22 series devices and the company’s Snapdragon-based phones do not suffer from these issues.


Source: Engadget
