Published November 24, 2022
Author: Ash Khan

Mali GPU driver issues continue to pose a significant threat.

Google Workspace’s parent company has warned that Android smartphones throughout the world may be vulnerable to cyberattacks. This is partly because of the lengthy, time-consuming, and inconvenient patching procedure.

The company’s online security research team uncovered five vulnerabilities in the Arm Mali GPU driver. The weaknesses are tracked as CVE-2022-33917 and CVE-2022-36449, and they give threat actors a wide range of possibilities, from accessing freed memory to writing outside of buffer bounds. They’ve all received a “medium” severity rating.

More OEMs mean slower patches

Although the issues have been fixed, device makers have yet to roll out the updates to their devices. Unlike Apple, which is the exclusive producer of both hardware and software for the iPhone mobile ecosystem, Google is not the sole maker of Android software and hardware.

Why are security patches important?

A security patch update is a software update that a software developer pushes out to all devices that contain the web application or mobile app that requires the update. These patches arrive after the fact because the vulnerability was not detected before the release of the major update or the initial software.

A security patch update’s objective is to close security gaps that a large software update or first software download did not. This implies that with every security patch release, there are hundreds of victims who have been hacked as a result of the hole or vulnerability, and the developer has been alerted. When a developer discovers a hole or vulnerability, they create a patch update that will figuratively “patch it up.”

What happens if security patches are not installed?

The most serious ramification of ignoring the security update is an increased likelihood of a significant data breach. Hackers are resourceful; therefore, it is simple for them to locate a flaw in the security system and exploit it to get access to and acquire sensitive corporate data.

Unpatched vulnerabilities in the system cause around 60% of data breaches.

Android security patches

Aside from Google’s Pixel phone, there are a plethora of smartphone manufacturers producing Android-powered handsets, including Samsung, LG, Oppo, and many more. All of these organizations have their own, customized versions of Android, as well as their own hardware strategy. However, once a vulnerability is identified, each original equipment manufacturer (OEM) must apply the fix to their own devices. This can take some time since these fixes can occasionally clash with the device’s drivers or other components.

That is precisely the issue here. The defects impact Arm’s Mali GPU drivers codenamed Valhall, Bifrost, and Midgard, and they affect a wide range of devices, including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro, and many more. For the time being, users can only wait for their device manufacturers to ship the patch, which should be given to OEMs in a few weeks.