Google’s Project Zero team revealed another vulnerability that continues to affect thousands of Android smartphones. Revealed a security flaw that affects all computers with Mali GPU graphics.
As revealed by the American company, this vulnerability was discovered several months ago, however, it has not yet been corrected. It affects equipment from several well-known brands, including some models from the Pixel line.
Vulnerability affects all Android smartphones with Mali GPU graphics
Google itself discovered this vulnerability between June and July 2022. Following their findings, the Project Zero team shared them with ARM, which promptly fixed the reported issues.
This vulnerability is known as CVE-2022-33917 and ARM released a fix last August. By the way, the notes of this correction are available on the different official pages of the company.
In view of what happened, it is expected that the problems will be solved by the end of 2022. Unfortunately, this Google security team has recently verified that the necessary fixes have not yet been implemented.
Being associated with ARM’s Mali graphics means equipment from brands like Samsung, Google, Xiaomi, OPPO and many more are engaged. In short, any smartphone that uses a non-Snapdragon processor remains exposed.
If your device has one of Qualcomm’s processors, then you have nothing to fear. In this case, Adreno graphics developed by the North American company are used.
User data may be at risk
Google was cautious in disclosing details about this vulnerability so as not to encourage its exploitation. Even so, he disclosed the main risks inherent to it.
As is often the case, sensitive user data is the main asset at risk. This vulnerability provides unrestricted access to targeted smartphones, making all user data available to hackers🇧🇷
These can achieve full control of the smartphone after gaining access to the nucleus of your software. The perpetrators are then given read and write permissions that allow them to perform less lawful actions.
Just as users are sensitized to install all available security updates, the same advice is replicated to builders. After ARM has made a fix available, it is now up to them to make these fixes available to their users.
