TeqGo.com
No Result
View All Result
No Result
View All Result
TeqGo.com
No Result
View All Result
Home Computer

Old Zero-Day Vulnerabilities Remain Unpatched on Samsung, Google Phones

Staff by Staff
November 29, 2022
in Computer
0
Old Zero-Day Vulnerabilities Remain Unpatched on Samsung, Google Phones
466
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


This site may earn affiliate commissions from the links on this page. Terms of use.

Google’s Project Zero team is on the front lines of digital security, analyzing code, reporting bugs, and generally making the internet safer. However, not every vulnerability gets fixed in a timely manner. A recent batch of serious flaws in Arm’s Mali GPU were reported by Project Zero and fixed by the manufacturer. However, smartphone vendors never implemented the patches, among them Google itself. So, that’s a little embarrassing.

The story starts in June 2022 when Project Zero researcher Maddie Stone gave a presentation on zero-day exploits — known vulnerabilities for which there is no available patch. The talk used a vulnerability identified as CVE-2021-39793 and the Pixel 6 as an example. This flaw allowed apps to access read-only memory pages, which can leak personal data. Following this, researcher Jann Horn started looking more closely at ARM Mali GPU code, finding five more vulnerabilities that could allow an attacker to bypass Android’s permission model and take control of the system.

Some of these issues were allegedly available for sale on hacking forums, making them especially important to patch. Project Zero reported the issues to ARM, which followed up with source code patches for vendors to implement. Project Zero waited another 30 days to disclose the flaws, which it did in August and mid-September 2022. Usually, this would be the end of the story, but Project Zero occasionally circles back to assess the functionality of fixes. In this case, the team found a “patch gap.”

Google believes the Mali issues it uncovered were already available in the zero-day market.

Although ARM released the patches over the summer, vendors hadn’t integrated them into their regular Android updates. The issues affect numerous devices that run a system-on-a-chip featuring a Mali GPU, including Android phones from Samsung, Xiaomi, Oppo, and Google. Snapdragon chips are spared as they use Qualcomm’s own Adreno GPU. So, Samsung phones in North America are safe, but those sold internationally with Exynos chips are at risk.

In past years, this might not have affected Google, but the company switched from Qualcomm to the custom Tensor chips for Pixel phones in 2021. Tensor uses a Mali GPU, so Google’s security team found flaws that the Pixel team failed to add to the regular software updates. Google is not alone in making this mistake, but it’s still not a great look. Google now says that the Mali patches will be added to Pixel phones “in the coming weeks.” Other vendors haven’t offered a timetable yet.

Now read:





Source link

Previous Post

Nvidia AI plays Minecraft, wins machine learning conference award

Next Post

Orion capsule watches moon eclipse Earth at trek’s farthest point

Next Post
Orion capsule watches moon eclipse Earth at trek's farthest point

Orion capsule watches moon eclipse Earth at trek's farthest point

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

How do I ask for shift coverage?

August 24, 2022
A fifth of passwords used by federal agency cracked in security audit

A fifth of passwords used by federal agency cracked in security audit

January 11, 2023

Trending.

What happened to Andrew Humphrey on Channel 4 weather?

August 24, 2022

Who is the new weather man on Channel 4 Detroit?

August 24, 2022

Why is Ben Bailey leaving WDIV?

August 24, 2022

What is a 100000 year period called?

August 23, 2022

Who recently left WDIV?

August 24, 2022
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com

No Result
View All Result
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com