Android users are facing risk from these “unfixed” bugs, here’s how
How millions of Android devices are at risk
Google’s security analysts have highlighted the “patch gap” that is affecting the entire supply chain in the Android ecosystem. The report published by the Project Zero team says that the team discovered the vulnerabilities in June and that Arm fixed them in July.
These security flaws allow attackers to bypass the permission model in Android OS, gain full access to the system and steal user data. However, these vulnerabilities are present only in devices that come with Mali graphics units.
For example, Samsung devices powered by its proprietary Exynos chipsets (except the Galaxy S22 series) are currently affected by these security flaws. In some markets Samsung’s Galaxy S22 series smartphones come with Exynos processors, but the company used an Xclipse 920 graphics chip instead of a Mali GPU for its latest flagship lineup.
Amongst other chipmakers, MediaTek and Huawei also use Arm’s Mali GPU drivers.
How the manufacturers reacted to the risk
The report also notes that smartphone makers have yet to roll out an update to users that will fix their devices. The exploit was initially discovered by researchers on the Pixel 6 smartphone, and even Google hasn’t fixed the issue despite the Project Zero warning, the report adds.
As it takes months for firmware security updates to reach all the affected devices, these vulnerabilities can be a concern. So, device makers need to test the fixes and implement them on their products as soon as possible to ensure users’ devices are safe.