Google's Project Zero team known for their eagle-eye research work on security vulnerabilities in smartphones and PCs, has detected a security loophole in several million Android handsets around the world.
The research report says that only the phones with ARM-based Mali GPU driver in Exynos, MediaTek, and Tensor chipsets are under threat, and others with Qualcomm silicon, are said to be safe.
"By forcing the kernel to reuse these pages as page tables, an attacker with native code execution in an app context could gain full access to the system, bypassing Android's permissions model and allowing broad access to user data," the Google research team noted.
The vulnerability (CVE-2021-39793) in Mali GPU was reported to ARM and the patch was created, but several companies including Google, Samsung, Xiaomi and others are yet to release the firmware update to protect their devices from threat actors.
While others are yet to respond to the report, Search engine giant Google has revealed it to bring a security patch to Pixel phones in the coming weeks.
"The fix provided by Arm is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks. Android OEM partners will be required to take the patch to comply with future SPL (Secondary Programme Loader) requirements," Google engineer said on Project Zero website.
With billions of users in the Android ecosystem, it is imperative for OEMs (Original Equipment Manufacturers) to be proactive in delivering security patches to thwart cyber threats at all time.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.
Published 29 November 2022, 07:24 IST