Millions of smartphones are currently exposed to several security vulnerabilities. A report by Google’s Project Zero team highlights the “patch gap” affecting Android’s supply chain, as it typically takes several months for firmware security updates to reach affected devices.
A set of five exploitable vulnerabilities in ARM’s Mali GPU driver, found in several different processors, remains unpatched on devices months after the chipmaker patched them, potentially leaving millions of Android devices exposed to attack.
Smartphones with a Mali GPU are vulnerable
The five vulnerabilities include one that results in kernel memory corruption, one that can lead to physical address disclosure, and three that can lead to a physical page use-after-free condition. To be more specific, the five vulnerabilities allow an attacker to continue reading and writing physical pages after they have been returned to the system.
The flaws have since been patched by ARM, but smartphone manufacturers have yet to apply these fixes to their devices. Unlike Apple, which is the sole creator of the hardware and software for the iPhone’s mobile ecosystem, Android depends on many smartphone manufacturers, which makes fixing chip-level flaws take longer. Although ARM quickly provided all the elements needed to close the loophole, manufacturers have not yet applied the patch to their devices, but that should change soon.
Reportedly, the flaws affect ARM’s Mali GPU drivers codenamed Valhall, Bifrost and Midgard. The long list of affected devices includes dozens of smartphones, including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro and many more.