web analytics
Home » Technology » Million of Samsung phones with Exynos are reportedly affected by Mali security flaws

Million of Samsung phones with Exynos are reportedly affected by Mali security flaws

Around a million Samsung smartphones are powered by Exynos chipsets. These chips could be at risk of an attack and more likely present a security threat to the users. More specifically Exynos chipsets having Mali GPUs are at risk of various security exploits. The various vulnerabilities are as follows:

  • kernel memory corruption
  • disclosure of physical memory addresses
  • three other vulnerabilities lead to a physical page us-after-free condition

In other words, these vulnerabilities enable an attacker to continue reading and writing the physical pages even when they have been restored to the system. In addition to this, if an attacker gains access to native code execution in an app, it has a complete entrance into the system. Thus, dodging the permission model in Android OS.

Though, ARM tried to resolve the said issue. But nothing much has been done by smartphone manufacturers.

These security flaws were initially uncovered by Project Zero. They were first brought forward to ARM in June and July. Just a month later ARM resolved these Mali-related security flaws. But since the time this story is being written nothing much has been done by vendors of smartphones to address the vulnerabilities. No security patches have been applied as of yet.

Mali GPU by ARM is available in smartphones across various brands, including Oppo, Xiaomi, and Samsung. In general, the vulnerability was first reported to be found as attacking the Pixel 6. Neither Google has patched this security threat yet. Although, Project Zero has contributed many efforts to highlight this problem.

One thing to be noted here is that this problem is not associated with Samsung devices that are powered by Snapdragon or the Galaxy S22 series. Though the latter is based on an Exynos chipset in some markets. But it utilizes an Xclipse 920 graphics chip instead of a Mali GPU.