Millions of Android devices are at risk of cyber attack

Cybersecurity researchers from Google’s Project Zero team have discovered a total of five vulnerabilities affecting the Arm Mali GPU driver. For this reason, millions of Android devices are at risk of cyber-attacks due to the slow and difficult process of releasing new patches, which hampers the decentralized mobile platform.

The flaws are grouped into two identifiers CVE-2022-33917 and CVE-202236449 and allow hackers to do a lot of things, from accessing parts of free memory to writing outside the bounds of temporary memory. All these vulnerabilities have received a “medium” severity score.

Although these flaws have now been fixed, hardware manufacturers have yet to apply patches to their endpoints. Unlike Apple, which alone produces hardware and software for the iPhone mobile ecosystem, Google is not the only company that develops software and hardware for Android phones.

In addition to Google with its Pixel phones, quite a number of manufacturers like Samsung, LG, Oppo, Xiaomi, and many more are also developing phones powered by the Android operating system. All these companies have their own modified versions of Android and their own approach to hardware.

Android phones affected by this security flaw

And the main problem is that the flaws affect Arm’s Mali GPU graphics drivers, codenamed Valhall, Bifrost, Midgard, and a long list of phones like the Pixel 7, Xiaomi 12 Pro, Samsung Galaxy S10, Huawei P40 Pro, and many others. places that you can get their complete list from BleepingComputer view

With this in mind, it is said that when a vulnerability is discovered, all original equipment manufacturers (OEMs) must apply remedial patches to their devices. This can be time-consuming, as these patches can sometimes conflict with device drivers or other components.