Android security flaws not fixed by Google, Samsung

Google has warned that five security flaws affecting Android smartphones remain unpatched months after they were brought to the attention of phone makers.

In a blog post(Opens in a new window)Google’s Project Zero said flaws it previously reported in June and July had not been resolved, leaving users of smartphones owned by Samsung, Xiaomi, Oppo and Google itself at risk of hacking.

The issues reported earlier in the year were related to semiconductor designer ARM’s “Mali” graphics card processor, or GPU. The GPU can be found in phones such as the Pixel 6.

According to a report in Tech Circle, ARM fixed the issues in August, phone brands such as Samsung and Google haven’t fixed any issues yet.(Opens in a new window) vulnerabilities.

Ian Beer, a researcher at Project Zero, said the security flaws could lead to “kernel memory corruption”, as well as “leaking physical memory addresses to unprivileged user space”. This effectively means that an attacker could exploit security holes to gain full access to a user’s device and “broad” access to a user’s data.

Beer notes that an attacker could gain access to it by forcing the memory core to read and write physical pages after they were returned to the system.

According to Project Zero, none of the affected phone makers mentioned the issues in “downstream security bulletins” or publicly stated if and how they would fix it, with the exception of Google.

Recommended by our editors

Speaking to Engadget, a Google spokesperson said: “The patch provided by ARM is currently being tested for Android and Pixel devices and will ship in the coming weeks. Android OEM partners will need to take the patch to comply with future SPL requirements. “

It seems that the security vulnerabilities noted by industry researchers are mostly variants of current security flaws. Earlier this year, Project Zero released a report that found that half of actively exploited zero-day vulnerabilities discovered in the first half of the year were variants of existing security flaws.

Fully Mobilized<\/strong> newsletter to get our top mobile tech stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:18:21.000000Z”,”published_at”:”2022-09-27T15:45:43.000000Z”,”last_published_at”:”2022-09-27T15:45:27.000000Z”,”created_at”:null,”updated_at”:”2022-09-27T15:45:43.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs”>

Do you like what you read ?

Register for fully mobilized newsletter to get our top mobile tech stories straight to your inbox.

This newsletter may contain advertisements, offers or affiliate links. Signing up for a newsletter indicates your consent to our Terms of Service and Privacy Policy. You can unsubscribe from newsletters at any time.

Leave a Reply

Your email address will not be published. Required fields are marked *