Google warns millions of Android devices could be at risk of attack due to this flaw

Risks caused by Mali GPU driver flaws remain a threat

Google has warned that Android devices around the world could be at risk of cyberattacks, partly due to the slow and cumbersome patching process.

Cybersecurity researchers from Google’s Project Zero team discovered a total of five vulnerabilities affecting the Arm Mali GPU driver.

The flaws have been grouped under two identifiers, CVE-2022-33917 and CVE-2022-36449, and they give threat actors a range of options, from accessing free memory sections to writing outside of buffer bounds. All of them received a severity score of “medium”.

More OEMs, slower patches

The flaws have since been patched, but hardware manufacturers are yet to apply these patches on their endpoints. Unlike Apple, which is the sole creator of both the hardware and the software for the iPhone mobile ecosystem, Google is not the only company creating the software and hardware for Android.

Besides Google with its Pixel phone, there is a relatively large number of smartphone manufacturers building Android-powered devices, such as Samsung, LG, Oppo, and many others. All these companies have their own modified versions of Android and their own approach to hardware. As a result, when a vulnerability is discovered, each original equipment manufacturer (OEM) needs to apply the patch to its own devices. That can take time, as these patches can sometimes conflict with the device’s drivers or other components.

And that’s exactly the problem here.

The flaws affect Arm’s Mali GPU drivers codenamed Valhall, Bifrost, and Midgard, and affect a long list of devices, including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro, and many, many others. The entire list can be found here.

Right now, there’s nothing users can do other than wait for their respective manufacturers to apply the patch, as it should be delivered to OEMs in a few weeks.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
