Google admits that thousands of Android smartphones are vulnerable

For years, Android's fragmentation and the way updates are rolled out have been the subject of criticism. Updates arrive very slowly and very late, or never arrive at all on certain devices; the ills are many and the remedies take time to come.

Google, however, is increasing its efforts to improve this situation and make its operating system more secure and attractive. Some manufacturers, such as Samsung, are also improving.

The Mountain View company regularly identifies new flaws, thanks in particular to its team of Project Zero specialists. The team, which is responsible for finding zero-day vulnerabilities, is now warning about a lack of effort from Android device manufacturers. The latter are once again accused of waiting too long to implement patches after a flaw is discovered. Thousands of devices remain vulnerable, as shown by a vulnerability discovered in the driver for two Mali graphics chips.

Two Project Zero researchers discovered six flaws in the ARM “Mali” GPU driver. The issue was first mentioned in June 2022 by Maddie Stone, before Ian Beer, inspired by his colleague’s work, discovered five additional flaws.

Specifically, combining these flaws allows an attacker, through code injection, to obtain full access to the system, bypassing Android's permission model. For attackers, exploiting these flaws gives access to a user's data. Contacted by Google's specialists, ARM “quickly” corrected the problems in July and August 2022. The British company took the opportunity to offer a corrected version of the driver.

Although ARM quickly fixed these flaws, it is up to the manufacturers to distribute the patches for their devices, and that is precisely where the problem is. On their blog, the Project Zero researchers indicate that they “discovered that all of our test devices that we used in Mali are still vulnerable to these problems.” They add that “CVE-2022-36449 [patch released by ARM] is not mentioned in any security bulletin”.

Maddie Stone’s work highlights the ability of two “hackers” to target existing flaws. She indicates that “close to 50%” of the zero-day flaws observed in the first half of 2022 were variants of vulnerabilities that had already been corrected.
