There doesn’t seem to be any peace at Google: After an expert “accidentally” discovered a bug in Android 13 a few weeks ago, today the news comes from one Bugs in the Mali GPUs of many smartphones that mount the Big G operating system, but this time it was Google itself that discovered the problem.
Specifically, Mountain View’s Project Zero team said it discovered the vulnerability last July and has already reported it to ARM, which makes the Mali-line GPUs. It is not clear if the problem affects all or only some Mali GPUsbut considering the latter being used on Samsung’s Exynos, Google’s Tensor, and Qualcomm’s Snapdragon SoCs, the risk of a vulnerability spreading to almost the entire Android market is concrete.
However, there is good news and bad news: The good news is that the The vulnerability can be fixed by software, so commitment from OEMs and smartphone makers could buffer the issue until ARM directly intervenes on the hardware of its GPUs. The bad news, however, is that manufacturers of the caliber of Samsung, Xiaomi, OPPO, and even Google itself they haven’t done anything yet to troubleshoot their devices.
According to Project Zero researcher Ian Beer, the problem would indeed be there Sum of five different vulnerabilities“any of which can cause kernel memory corruption. If these vulnerabilities are exploited together, malicious actors could continuously read and write system memory at the physical level.”.
In practice, Beer explains, if the vulnerability were fully exploited, it would become a Hackers to take full control of your system of the smartphone, completely bypassing the Android permissions mechanism and gaining full access to the user’s data.