Google has already disclosed several security flaws in smartphones that use Mali GPUs, such as products equipped with Exynos chips. The Project Zero team says the said problems were reported to ARM this summer. Aram also resolved the security issues raised by the internet search giant in July and August. According to the Safar project team, several months after fixing these vulnerabilities, Android smartphone manufacturers including Samsung, Xiaomi, Oppo and Google themselves had not released patches to fix these problems until early this week.
to report AndroidGoogle’s Project Zero researchers identified five new problems between June and July, and they quickly reported them to ARM. Ian Beer One of the members of Safar Project said in a blog post:
One of the problems with Mali GPUs is damaging the memory core and another one is exposing physical memory addresses to user space. Three other cases of these problems are also related to the conditions of using the physical memory after it is freed. By exploiting these bugs, attackers can write and read their desired information on physical memories.
Bear He pointed out that it is possible for hackers to gain full access to a target system through vulnerabilities in Mali GPUs because they will be able to bypass Android’s permissions model and access user data extensively. Attackers can do this by forcing kernels to reuse physical memory.
Members of Google’s Project Zero found that three months after ARM patched the Mali GPU vulnerabilities, all of the devices the team tested were still vulnerable to those flaws. It is worth noting that this case was not announced in the information forums of Android product manufacturers.
Of course, we must mention that Samsung Galaxy S22 series devices and other Android phones that use Snapdragon chips have not been affected by the vulnerabilities raised by Google’s Project Zero team.