Google’s Project Zero team revealed yet another vulnerability that continues to plague thousands of Android smartphones. It revealed a security flaw that affects all equipment with Mali GPU graphics.
As the American company reveals, this vulnerability was discovered several months ago, however, it is yet to be corrected. It affects equipment from several reputable brands, including some models from the Pixel line.
Vulnerability affects all Android smartphones with Mali GPU graphics
Google itself discovered this vulnerability between June and July 2022. After its conclusions, the Project Zero team shared them with ARM, which promptly corrected the reported problems.
This vulnerability is known as CVE-2022-33917 and ARM released a fix for it last August. By the way, the notes of this correction are available on the various official pages of the company.
In view of what happened, it would be expected that by the end of 2022 the problems would be resolved. Unfortunately, this Google security team has recently verified that the necessary corrections are yet to be implemented.
Being associated with ARM’s Mali graphics means that equipment from brands like Samsung, Google, Xiaomi, OPPO and many more are compromised. In short, any smartphone that uses a non-Snapdragon processor remains exposed.
If your device has one of Qualcomm’s processors, then you have nothing to fear. In this case, Adreno graphics developed by the North American company are used.
User data may be at risk
Google was cautious in disclosing details about this vulnerability so as not to encourage its exploitation. Even so, it disclosed the main risks inherent to it.
As is usually the case, users’ sensitive data is the main asset at risk. This vulnerability provides unrestricted access to targeted smartphones, thus making all user data available to hackers.
These can achieve full control of the smartphone after gaining access to its software kernel. After that, the perpetrators receive read and write permissions that allow them to carry out less lawful actions.
Just as users are sensitized to install all available security updates, the same advice is replicated to builders. After ARM has made a correction available, it is now up to them to make these corrections available to their users.
Aroged editors recommend:
