Google has warned that Android devices around the world could be vulnerable to cyberattacks, in part because of a slow and cumbersome patching process.
Cybersecurity researchers from the Google Project Zero team discovered a total of five vulnerabilities in the Arm Mali GPU driver.
The vulnerabilities have been grouped under two identifiers, CVE-2022-33917 and CVE-2022-36449, and give cybercriminals countless options, from accessing freed memory to writing beyond buffer boundaries. All received a “medium” severity rating.
More OEMs, slower patches
The vulnerabilities have since been patched, but hardware vendors have yet to apply these patches to their endpoints. Unlike Apple, which is the sole developer of both hardware and software for the iPhone mobile ecosystem, Google is not the only company creating software and hardware for Android.
In addition to Google with the Pixel phone, there are a relatively large number of smartphone manufacturers building Android devices, such as Samsung, LG, Oppo, and many others. All of these companies have their own modified versions of Android and their own approach to hardware. That said, once a vulnerability is discovered, each Original Equipment Manufacturer (OEM) must apply the patch to their own devices. This may take some time as these fixes can sometimes cause conflicts with device drivers or other components.
And here is the problem.
The vulnerabilities affect the Arm Mali GPU drivers codenamed Valhall, Bifrost and Midgard, and affect a long list of devices including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro and many, many more. The entire list can be found here.
At the moment, users can do nothing but wait for their manufacturers to apply the patch, as it should be delivered to OEMs in a few weeks.
By: Bleeping Computer