Android (Photo: ShutterStock)
A security breach discovered in the Mali graphics processors, which are very common in Android phones of various types, has not yet been patched by many smartphone manufacturers, Google's "Project Zero" people warn.
Google sent the warning to the British processor designer ARM, which issued an update that closed the loopholes back in July, but quite a few smartphone manufacturers including Samsung, Xiaomi, Oppo and even Google itself(!) have not yet applied the patch.
Researchers in the project identified five different loopholes back in June, and informed ARM, which is responsible for designing the processors.
One of the vulnerabilities leads to a kernel memory failure, another exposes physical memory addresses and the third allows memory areas to be taken over, reports Ian Barr from the project.
"These allow the attacker to continue reading and writing to the device's memory even after the addresses have been returned to the system."
Bar pointed out that it is possible for an attacker to gain access to the entire system, including what he calls "broad access" to the information of the device's owners,
Ufo and even Google itself(!) have not yet closed the loophole (photo: ShutterStock)
According to the project staff, even three months after ARM fixed the vulnerabilities, the test devices they tried were still vulnerable to the attack.
They also claim that so far there has been no reference in the manufacturers' security update messages.
A spokesperson for Google told Engadget that "the solution provided by ARM is currently being tested on Android and Pixel devices, and will be released in the coming weeks."
"Android manufacturing partners will be required to send the patch to meet security requirements."
technology
privacy and security
Tags
Android