Millions of Android devices prone to hacking due to GPU bug: Google - San Francisco News
by IANS | Updated Nov 25, 2022
The tech giant's Project Zero team said it had alerted the chip designer ARM about the GPU bug, and the British chip designer had fixed those vulnerabilities.
However, smartphone manufacturers including Samsung, Xiaomi, Oppo and Google "hadn't deployed patches to fix the vulnerabilities as of earlier this week", claimed the Project Zero team.
"The vulnerabilities discussed are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable," said Ian Beer of Project Zero
Google researchers reported five issues to ARM when they were discovered between June and July 2022.
ARM fixed the issues promptly in July and August 2022, disclosing them as security issues on their Arm Mali Driver Vulnerabilities page (CVE-2022-36449) and publishing the patched driver source on their public developer website.
However, Google "discovered that all of our test devices which used Mali GPU are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins".
The researchers said users are recommended to patch as quickly as they can once a release containing security updates is available, so the same applies to vendors and companies.
"Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible," the tech giant added.
According to SamMobile, Samsung's Galaxy S22 series devices and the company's Snapdragon-powered handsets aren't affected by these bugs.