NEW DELHI: Researchers at Google have warned that millions of Android smartphones are vulnerable to hacking owing to a flaw in one of the devices’ graphics processing units (GPU).
The IT giant’s Project Zero team stated that it had notified the British chip designer ARM about the GPU flaw, and ARM had rectified the flaws. The Project Zero team said smartphone manufacturers, including Samsung, Xiaomi, Oppo, and Google “had not delivered patches to correct the vulnerabilities as of earlier this week.”
“The vulnerabilities discussed are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable,” said Ian Beer of Project Zero.
Google researchers reported five vulnerabilities discovered between June and July 2022 to ARM.
However, Google “found that all of our test devices using Mali GPU are still susceptible to these vulnerabilities. CVE-2022-36449 is not listed in any advisory issued downstream “. Users are advised to apply patches as promptly as possible when a release containing security upgrades becomes available, and the same is true for vendors and businesses, according to the researchers.
“Companies must maintain vigilance, regularly monitor upstream sources, and do their utmost to give users with comprehensive patches as quickly as possible,” the tech giant warned. SamMobile reports that Samsung’s Galaxy S22 series and Snapdragon-powered smartphones are not affected by these issues.
In June and July, researchers uncovered five new vulnerabilities and swiftly reported them to ARM. Ian Beer of Project Zero noted in a blog post, “One of these flaws led to kernel memory corruption, one led to physical memory addresses being leaked to userspace, and the remaining three led to a physical page use-after-free condition.” These would permit an adversary to continue reading and writing physical pages after they have been returned to the system.
A hacker would be able to overcome Android’s permissions model and acquire “wide access” to a user’s data, according to Beer, who warned that this would allow them to gain full access to a machine. The adversary could accomplish this by compelling the kernel to reuse the previously specified physical pages as page tables.
Follow The420.in on