Millions of Android devices are at risk of cyberattacks due to the slow and tedious patching process affecting the decentralized mobile platform.
Cybersecurity researchers from Google's Project Zero team discovered a total of five vulnerabilities affecting the Arm Mali GPU driver.
The flaws have been grouped under two identifiers, CVE-2022-33917 and CVE-2022-36449, and offer threat actors myriad options, from accessing freed sections of memory to writing outside buffer boundaries. All had an "average" severity score.
More OEMs, slower patches
The flaws have since been fixed, but hardware manufacturers have yet to apply these fixes to their devices. Unlike Apple, which is the sole creator of hardware and software for the iPhone mobile ecosystem, Google is not the only company creating software and hardware for Android.
In addition to Google with its Pixel phone, there are a relatively large number of smartphone manufacturers making Android devices, such as Samsung, LG, Oppo, and many others. All of these companies have their own modified versions of Android and their own approach to hardware. That being said, when a vulnerability is discovered, each original equipment manufacturer (OEM) must patch their own devices. This can take some time as these patches can sometimes conflict with device drivers or other components.
And that is exactly the problem here.
The flaws affect Arm's Mali GPU drivers for Valhall, Bifrost, and Midgard, and with them a long list of devices, including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro, and more. The full list can be found here.
Right now, users can do nothing but wait for their respective manufacturers to apply the fix as it is expected to ship to OEMs in a few weeks.
Via: BleepingComputer