Google’s team of computer security experts, known as “Project Zero,” has published a blog post warning of a vulnerability in Mali GPUs found in millions of Android smartphones.
Google has found several security vulnerabilities in Android smartphones equipped with “Mali” graphics chips, such as some Exynos chips from Samsung, Dimensity chips from MediaTek or Tensor chips from Google. A major security issue that manufacturers are not rushing to fix is…
Widespread flaws in Android
Android products receive so-called “major” updates. These mark the transition to a new version of Google’s OS, often with an interface customized by the manufacturer of the smartphone in question. “Minor” updates matter when it comes to security patches. They are released every month, every two months or every quarter, depending on the product.
When critical security vulnerabilities are discovered, manufacturers usually do their best to deploy a patch, thus “plugging” the holes. Unfortunately, as Google’s Project Zero team shows in its blog post, that’s not always the case.
In fact, last June and July, security experts brought the flaws to the attention of ARM, which makes the chips in our smartphones. The company patched the security vulnerabilities in its Mali GPUs a month later. Unfortunately, no Android manufacturer has followed suit by applying the security patches.
The vulnerabilities in question give hackers the ability to write an app that bypasses Android’s permission model and gains full access to the OS.
Among the worst performers… Google
Although Google’s own security team brought it to light, this flaw, which affects the Pixel 6, has not been patched by the manufacturer. The irony. Other brands are doing no better: at the time of writing, no manufacturer has patched its smartphones with Mali GPUs.
Brands involved: Google, Samsung, Xiaomi and Oppo. Note that not all Samsung smartphones with an Exynos processor are affected. In fact, the European Galaxy S22 models have the Xclipse 920 GPU, not a Mali GPU.
Google concludes its blog post with a reminder advising users to always install the Android updates supplied by their phone’s manufacturer. Manufacturers, for their part, need to be more responsive in fixing security flaws.
Google Project Zero