Update – According to Google, it looks like a fix for the exploit is being developed and should be making its way to Pixel devices in the coming weeks.
Update from Android and Pixel: “The fix provided by Arm is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks. Android OEM partners will be required to take the patch to comply with future SPL requirements.”
Our phones, just like our computers, feature the use of a GPU which is used to help power applications like games, user interfaces, and more. For Android, a lot of the GPUs that are being used are Mali GPUs and we have some bad news on that front.
According to Google’s Project Zero which seeks out vulnerabilities that might be exploited by malicious hackers, it seems that they have discovered a security flaw in Mali GPUs that could lead to all sorts of problems. This includes kernel memory corruption, physical memory addresses being disclosed, and more.
According to the Project Zero team, they brought this to Arm’s attention back in July and to Arm’s credit, they were quick to patch the issue a month later. The only problem is that smartphone manufacturers who have devices that use the Mali GPU have yet to patch the problem on their end.
This means that despite Arm patching it on their end and providing the solution to manufacturers, these manufacturers have yet to apply the patch to their devices, thus leaving potentially millions of smartphones out there vulnerable to attack. Hopefully with the publicization of this vulnerability, it will spur manufacturers to quickly do something about it, but until then, Android phone owners will just need to be extra vigilant.