Google researchers have warned that millions of Android smartphones are at risk of being hacked due to a bug in one of the devices’ graphics processing units (GPUs).
The tech giant’s Project Zero team said it alerted chip designer ARM to the GPU bug, and the UK chip designer patched those vulnerabilities.
However, smartphone makers including Samsung, Xiaomi, Oppo and Google “had not deployed patches to fix the vulnerabilities as of the start of the week,” the Project Zero team claimed.
“The discussed vulnerabilities are patched by the upstream vendor, but at the time of publication, these patches have not yet reached downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Malian GPUs are currently vulnerable,” said Ian Beer of Project Zero
Google researchers reported five issues to ARM when they were discovered between June and July 2022.
ARM addressed the issues quickly in July and August 2022, disclosing them as security issues on their Arm Mali Driver Vulnerabilities page (CVE-2022-36449) and posting the source of the fixed driver on their public developer website.
However, Google “found that all of our test devices that used the Mali GPU are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins.”
The researchers said that users are urged to fix as soon as possible once a release containing security updates is available, the same goes for vendors and companies.
“Companies should remain vigilant, follow upstream sources closely, and do their best to deliver full fixes to users as soon as possible,” the tech giant added.
According to SamMobile, Samsung’s Galaxy S22 series devices and the company’s Snapdragon-powered handsets are unaffected by these bugs. -IANS