Google's Project Zero Team Says Google, Samsung, Xiaomi, Oppo did Not Deploy Security Patches for Mali GPUs Security Flaw

Google's Project Zero team says even the company hasn't issued a security fix for a particular issue.

Google's Project Zero team found a security flaw, and although it was flagged, companies, including Google, have not yet issued a security patch. ARM has already resolved the issues on its end back in July and August.

New Security Flaw Found in Phones that Use the Mali GPUs

According to the story by Engadget, Google has already disclosed multiple security flaws for phones that use Mali GPUs like the Exynos SoCs. The problems were flagged to ARM by the company's Project Zero team.

Although flagged, Google itself, along with some other companies, did not flag the issue. ARM already fixed the issues on its end back in July and August, while Samsung, Xiaomi, Oppo, and Google have yet to release a security update as per Project Zero.

Person from Project Zero Explained the Issues and What It Could Lead to

In a blog post, Ian Beer of Project Zero shared that one of the issues ultimately led to kernel memory corruption. One led to the disclosure of the physical memory address to userspace, while the remaining three "led to physical page use-after-free condition."

Beer noted that the issues would allow the hacker to gain full access to the system. Should the hackers gain full access, they can bypass the permission model on Android.

Hackers can Gain Broad Access to Users' Data if They Can Bypass the Permission Model

When hackers bypass the permission model, they can gain broad access to widespread users' data. The attacker can accomplish this by forcing the kernel to refuse the "aforementioned physical pages as page tables."

So far, researchers have been able to identify five new issues back in June and July. So far, the researchers have already flagged them to ARM, which was met with quick action.

The Publication Tried to Contact Google, Oppo, Samsung, and Xiaomi Regarding the Delay

Project Zero was also able to find that three months after ARM decided to fix the issues, all of the test devices of the team were still vulnerable to the flaw. It was also noted that the issues were not mentioned: "in any downstream security bulletins" coming from manufacturers of Android devices.

The article notes that they have tried to contact Google, Oppo, Samsung, and Xiaomi about why it takes them so long to deploy the security fixes. They also asked when the security fixes might launch for Android devices.

Read Also: Z Library: 'World's Largest' Pirated e-Book Source Now Shut Down-Feds Seize 2 Russians Operating It

So Far, the Samsung Galaxy S22 Series Remain Unfazed by the Issue

Regarding Samsung, a particular series of devices is reportedly not vulnerable to this issue. This is because they use a different chip.

An article by Sam Mobile notes that the Samsung Galaxy S22 series devices and the company's Snapdragon-powered handsets are not affected by the vulnerability. This is because the devices use a different type of chip that is not vulnerable to the issue.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics