Google researchers have warned that millions of Android smartphones are susceptible to hacking due to a bug in one of the devices’ graphics processing units (GPU).
Smartphone manufacturers such as Samsung, Xiaomi, Oppo, and Google “had not, however, rolled out patches earlier this week to fix the vulnerabilities,” the Project Zero team claimed.
The tech giant’s Project Zero team warned chip designer ARM about the GPU bug and that the British chip designer had fixed those vulnerabilities.
“The upstream vendor is fixing the discussed vulnerabilities, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi and Oppo). Devices with a Mali GPU are currently vulnerable,” said Ian Beer of Project Zero.
ARM promptly fixed the problems in July and August 2022 and disclosed them as security vulnerabilities on their Arm Mali Driver Vulnerabilities page (CVE-2022-36449) and published the patched driver resource on their public developer website.
Google researchers reported five problems to ARM when they were discovered between June and July 2022.
However, Google “discovered that all of our test devices using Mali GPU were still vulnerable to these issues. CVE-2022-36449 is not mentioned in downstream security bulletins.”
The researchers said users are advised to patch as soon as a release with security updates is available, so the same goes for vendors and enterprises.
“Companies should remain vigilant, follow upstream sources closely and do their best to provide users with full patches as soon as possible,” the tech giant added. According to our source, these bugs are not affected by Samsung’s Galaxy S22 series devices and the company’s Snapdragon-powered handsets.
Google’s Project Zero team said it had alerted chip designer ARM about the GPU bug, and that the British chip designer had fixed these vulnerabilities.
- Google warned ARM chip designer about GPU bug that made millions of Android smartphones easy to hack
- Check all news and articles from the latest Security news updates.