Technology

Google says Google and other Android manufacturers haven’t patched security flaws

Google has revealed several security flaws for phones with Mali GPUs, such as those with Exynos SoCs. The company’s Project Zero team says it reported the issues to ARM (which designs the GPUs) over the summer. ARM fixed the issues in July and August. But smartphone makers, including Samsung, Xiaomi, Oppo and Google itself, had not deployed patches to fix the vulnerabilities earlier this week, Project Zero said.

Researchers identified five new issues in June and July and promptly reported them to ARM. “One of these issues resulted in kernel memory corruption, one resulted in the disclosure of physical memory addresses to user space, and the remaining three resulted in a physical page that was free to use after use,” Project Zero’s Ian Beer wrote in a blog post . “These would allow an attacker to continue reading and writing physical pages after they were returned to the system.”

Beer noted that it would be possible for a hacker to gain full access to a system because they could bypass the permissions model on Android and gain “broad access” to a user’s data. The attacker could do this by forcing the kernel to reuse the aforementioned physical pages as page tables.

Project Zero found that three months after ARM fixed these issues, all of the team’s test devices were still vulnerable to the flaws. As of Tuesday, the issues were not mentioned “in downstream security bulletins” from Android manufacturers.

Engadget has reached out to Google, Samsung, Oppo, and Xiaomi to ask when they will be rolling out the fixes to their Android devices and why it’s taken them so long to do so. As SamMobile notes that Samsung’s Galaxy S22 series devices and the company’s Snapdragon-powered handsets are not affected by these vulnerabilities.

All products recommended by Engadget are selected by our editorial team, independent from our parent company. Some of our stories contain affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices are correct at time of publication.

Previous post
Top Flight Star Seemingly Injured At AEW Rampage Taping
Next post
Thanksgiving brain teaser: Can you find a pumpkin among the turkeys?