No major Android
device manufacturers including Samsung, Oppo, and Xiaomi have issued any updates addressing five medium-severity security vulnerabilities in Arm's Mali GPU driver, even though the flaws have been fixed by Arm from July to August, SiliconAngle
Google has also failed to roll out fixes for the GPU flaws, which could be exploited to help attackers read and write physical pages brought back to the system, for its own Pixel line of devices, a report from Google's Project Zero showed.
The issues, which include a kernel memory corruption flaw, physical address disclosure vulnerability, and a use-after-free bug, were found to have "collided" with zero-days and listings for exploits in the dark web.
The findings should prompt vendors to be more responsible in providing security updates, said Project Zero researcher Ian Beer.
"Minimizing the 'patch gap' as a vendor in these scenarios is arguably more important, as end users (or other vendors downstream) are blocking on this action before they can receive the security benefits of the patch," Beer added.