Samsung Android

Google says a months-old security vulnerability still hasn’t been patched on Pixel, Samsung

From 9to5google.com


Google’s Project Zero this week highlighted the “gap†in getting security patches out the door and to affected users, and in doing so also revealed that millions of Android phones are at risk of an active security vulnerability.

The specific issue that Google’s Project Zero is highlighting this week is a security vulnerability known as CVE-2022-33917. It’s a vulnerability that affects devices using Arm’s Mali GPU, which means it affects Google Pixel, Samsung Galaxy, and countless other Android smartphones.

If exploited, it would allow an attacker to “read and write physical pages after they had been returned to the system,†potentially gaining “broad access†to a user’s data.

Arm apparently fixed these issues for its Mali GPUs a while back, after they were first discovered in June and July. But several months later, Project Zero found that many Android devices from Samsung, Oppo, Xiaomi, and even Google’s own Pixel lineup have yet to implement these fixes, leaving the vulnerability open.

We reported these five issues to ARM when they were discovered between June and July 2022. ARM fixed the issues promptly in July and August 2022, disclosing them as security issues on their Arm Mali Driver Vulnerabilities page (assigning CVE-2022-36449) and publishing the patched driver source on their public developer website.

…we discovered that all of our test devices which used Mali are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins.

It’s worth noting that this doesn’t apply to devices using Qualcomm Snapdragon chips, as those do not use Arm’s Mali GPU. However, devices using MediaTek chips, Samsung Exynos, as well as Google Tensor are affected.

More on Android:


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

The post Google says a months-old security vulnerability still hasn’t been patched on Pixel, Samsung first appeared on 9to5google.com

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox


5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.


You may also like

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
×
* Popular *
0
Would love your thoughts, please comment.x
()
x