What do you want to know
- Google’s Project Zero team details a critical security flaw affecting a number of devices containing a Malian GPU.
- The issue would allow a hacker to completely control an Android device’s system, bypassing permissions and accessing user data.
- This issue affects Google, Samsung, Xiaomi and OPPO devices containing a Mali GPU.
Google has detailed a critical security flaw for phones containing a Malian GPU that has yet to be properly patched.
Google’s Project Zero team posted on their official blog details about what this issue is and why it’s so important that a fix be released immediately. The critical security issue, CVE-2022-33917, affects devices containing ARM’s Mali GPU. The report lists users of devices from Google, Samsung, Xiaomi, and OPPO with a Malian GPU that are at risk from this unpatched critical security flaw.
The researchers found five separate issues between June and July, including one that dealt with “kernel corruption.” Another issue, as Project Zero informs, would lead to “disclosure of physical memory addresses in user space”. The remaining three of the five issues “would lead to a condition of using the physical page after release.”
Simply put, Project Zero makes it clear that these issues would allow an attack to gain full access to a phone’s system and bypass the Android device’s permissions system so that it could then access more user data. wide.
Project Zero explains that these issues were raised with ARM and that it released a patch fairly quickly in July and August to address this crucial issue. However, as additional tests were performed to determine the effectiveness of the fix, it was found that this security issue persists even with the supposed fixes.
Google hopes to close the “patch gap” with companies to find and fix issues. The end result would be that companies create appropriate patches and push them out to affected users faster, fixing any critical issues such as the one currently being encountered.
A Google spokesperson updated Engadget on its next steps to resolve the issues, saying, “The patch provided by ARM is currently being tested for Android and Pixel devices and will ship in the coming weeks. Android OEM partners will need to take the patch to comply with future SPL requirements.”
Android Central contacted Samsung to find out when it will fix the issues, but did not receive a response in time for publication.