Google says a months-old security vulnerability still hasn’t been patched on Pixel, Samsung

Google’s Project Zero this week highlighted the “gap” in getting security patches out the door and to affected users, and in doing so also revealed that millions of Android phones are at risk of an active security vulnerability.

The specific issue that Google’s Project Zero is highlighting this week is a security vulnerability known as CVE-2022-33917. It’s a vulnerability that affects devices using Arm’s Mali GPU, which means it affects Google Pixel, Samsung Galaxy, and countless other Android smartphones.

If exploited, it would allow an attacker to “read and write physical pages after they had been returned to the system,” potentially gaining “broad access” to a user’s data.

Arm apparently fixed these issues for its Mali GPUs a while back, after they were first discovered in June and July. But several months later, Project Zero found that many Android devices from Samsung, Oppo, Xiaomi, and even Google’s own Pixel lineup have yet to implement these fixes, leaving the vulnerability open.

We reported these five issues to ARM when they were discovered between June and July 2022. ARM fixed the issues promptly in July and August 2022, disclosing them as security issues on their Arm Mali Driver Vulnerabilities page (assigning CVE-2022-36449) and publishing the patched driver source on their public developer website.

…we discovered that all of our test devices which used Mali are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins.

It’s worth noting that this doesn’t apply to devices using Qualcomm Snapdragon chips, as those do not use Arm’s Mali GPU. However, devices using MediaTek chips, Samsung Exynos, as well as Google Tensor are affected.

More on Android:

Author: Ben Schoon
Source: 9TO5Google

Related posts

YouTube Music album redesign rolling out on Android and iPhone


Google Messages rolling out reactions using any emoji

AI & RoboticsNews

How IBM’s new supercomputer is making AI foundation models more enterprise-budget friendly


Canon announces RF 24-50mm F4.5-6.3 IS STM

Sign up for our Newsletter and
stay informed!