Home Technology Android manufacturers fail to provide patches for Mali GPU vulnerabilities

Android manufacturers fail to provide patches for Mali GPU vulnerabilities

by News Desk
0 comment

Google Project ZeroA group of security analysts employed by Google LLC to find vulnerabilities, said Android smartphone makers provided patches for several vulnerabilities discovered in Mali graphics processing units earlier this year. I warn you not to.

Five moderate-severity security flaws were found in Arm’s Mali GPU driver in June and July. The five vulnerabilities include one that leads to kernel memory corruption, one that leads to physical address disclosure, and three that lead to physical page use after free. Five vulnerabilities allow attackers to continue reading and writing physical pages after they have been returned to the system.

As Project Zero’s Ian Beer explained on November 22nd: blog postMali’s vulnerability “collided” with vulnerabilities available on the zero-day market, dark web pages selling exploits to hackers and threat groups.

Honorably, Arm fixed five vulnerabilities between July and August and announced them as security issues. Vulnerability page I published a patched driver on the developer’s website.

Fast forward to late November, and surprisingly none of the major vendors had released patches. Smartphone manufacturers specifically named include Samsung Electronics Co. Ltd., Xiaomi Inc., Guangdong Oppo Mobile Telecommunications Corp. Ltd., and Pixel.

Pixel is Google’s own line of smartphones. So one part of Google says another part of Google failed to provide users with critical security updates. The first of the five vulnerabilities was also found on the Pixel 6 by Project Zero researchers, so Google found the vulnerability in one of their phones, but months later it was made public. Even though a patch has been released, it still does not address the issue.

Beer argues that vendors, including Google itself, have a responsibility to provide security updates to their users. “Just as users are encouraged to patch releases containing security updates as soon as they become available, the same is true for vendors and companies,” he said. I’m here. “In these scenarios, minimizing the ‘patch gap’ as a vendor is arguably more important. and is blocking this action.”

Image: Google

Show your support for our mission by joining our expert Cube Club and Cube Events community. Join a community of celebrities and experts including Andy Jassy, ​​CEO of Amazon Web Services and Amazon.com, Michael Dell, Founder and CEO of Dell Technologies, Pat Gelsinger, CEO of Intel, and more .

You may also like

Leave a Comment

Copyright ©️ All rights reserved. | Canadian Trends