Google has uncovered many security problems in phones equipped with Mali GPUs, such as those equipped with Exynos SoCs. According to the company`s Project Zero team, the issues were reported to ARM (which designs the GPUs) in the summer.
Researchers discovered five additional concerns in June and July and immediately reported them to ARM. ”
One of these issues caused kernel memory corruption, another caused physical memory addresses to be disclosed to userspace, and the remaining three caused physical page use-after-free,” Project Zero’s Ian Beer wrote in a blog post. ”
These would allow an attacker to continue reading and writing physical pages even after they were returned to the system.”
Beer stated that a hacker may acquire complete access to a machine by circumventing Android’s permissions architecture and gaining “wide access” to a user’s data.
Resources have contacted Google, Samsung, Oppo, and Xiaomi to inquire when the updates would be available for their Android smartphones and why it has taken so long.