Devices from Samsung, Xiaomi, Oppo, Google and several other companies are reportedly carrying five exploitable vulnerabilities. Researchers found them in June this year in Pixel 6 smartphones. Android users might have unfixed bugs in their devices: although the chip makers have already patched the bugs on their end, millions of users allegedly remain exposed to attacks. The issues seem to affect only devices with ARM Mali graphics processing unit (GPU) chips.
These security flaws allow attackers to bypass the permission model of the Android OS and gain access to the whole system, potentially leading to data manipulation and data theft. For instance, Samsung devices with Exynos chipsets, other than the Galaxy S22 series, are currently facing similar bugs and security issues.
A report published by Google’s Project Zero team highlights a "patch gap", identified by Google security analysts, that is affecting the full supply chain in the Android ecosystem. The patch gap is the time between a patch being released and it being installed. Most attackers reverse engineer patches rather than finding the vulnerability themselves, so the patch gap becomes their window of opportunity to exploit the system. But this patch gap is not really under anybody's full control. So, patches should be applied sooner to avoid such security bugs.
Beyond this, there is also a lesser-known but acute problem. Patches need to wait for a second vendor to include them in its software before they can reach an end user, a process that is usually very lengthy. This occurs because many smartphone vendors sell devices with their own version of Android. A solution to this issue at the users’ end is yet to be rolled out by makers, says the Google Project Zero team's report.