This Article is From Nov 25, 2022

Google Project Zero Finds Unpatched Security Flaws in Android Phones by Multiple Vendors

Project Zero initially discovered these issues earlier this year in June and July.

Advertisement
Tech Written by , Edited by

Samsung smartphones with Snapdragon chipsets do not carry these security flaws

Highlights

  • Project Zero says phones by Google, Samsung, Xiaomi, others are affected
  • These flaws allow attackers to bypass Android permissions
  • ARM had fixed these Mali GPU-related issues back in July, August

Google Project Zero is a team of security analysts tasked to uncover zero-day vulnerabilities. It released a report on Friday claiming that several Android devices — including Pixel, Samsung, Xiaomi, Oppo, and others — still carry Mali GPU-related security flaws that the team had flagged back in June and July. These vulnerabilities are said to allow an attacker with native code execution to gain complete access to a smartphone by bypassing the permission model in Android OS. Notably, ARM — the manufacturer of Mali GPUs — had fixed these security issues in July and August earlier this year.

The report by Google Project Zero had identified a Mali GPU driver with vulnerabilities that might allow a non-privileged user to read-only memory pages. On further investigation, it reportedly included five more security flaws. One of these flaws may lead to kernel memory corruption and another is said to disclose physical memory addresses to userspace.

The remaining three security flaws could reportedly lead to a "physical page use-after-free condition." As mentioned earlier, these flaws can allow an attacker to bypass Android permissions to gain "broad access to user data." The Project Zero team had discovered these security flaws earlier this year and June and July.

Advertisement

ARM had promptly fixed them in July and August. However, the Project Zero team discovered that smartphone vendors had not released updates to fix these issues in the respective devices. This means that smartphones from vendors like Google, Xiaomi, and Oppo that feature Mali GPUs are still vulnerable to potential attackers.

Furthermore, A SamMobile report mentions that millions of Samsung smartphones that are powered by Exynos SoCs paired with a Mali GPU are currently vulnerable to this security exploit. However, Samsung devices with Snapdragon chipsets are unaffected by these security flaws. Notably, the Galaxy S22 series with Exynos SoCs is also exempt from these flaws as it carries Xclipse 920 GPUs.


Are the Pixel 7 and 7 Pro the best in their segment? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
  .  
Advertisement

Featured Video Of The Day

Allu Arjun Vs Cops: Have Celebs Become Soft Targets?

Advertisement