Endpoint/Device Security

Mali GPU vulnerabilities not patched by Android device vendors

Share

No major Android device manufacturers including Samsung, Oppo, and Xiaomi have issued any updates addressing five medium-severity security vulnerabilities in Arm's Mali GPU driver, even though the flaws have been fixed by Arm from July to August, SiliconAngle reports. Google has also failed to roll out fixes for the GPU flaws, which could be exploited to help attackers read and write physical pages brought back to the system, for its own Pixel line of devices, a report from Google's Project Zero showed. The issues, which include a kernel memory corruption flaw, physical address disclosure vulnerability, and a use-after-free bug, were found to have "collided" with zero-days and listings for exploits in the dark web. The findings should prompt vendors to be more responsible in providing security updates, said Project Zero researcher Ian Beer. "Minimizing the 'patch gap' as a vendor in these scenarios is arguably more important, as end users (or other vendors downstream) are blocking on this action before they can receive the security benefits of the patch," Beer added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.