Google Releases Security Update to Address Serious Mali GPU Bug
Google released a security update this week that addresses dozens of vulnerabilities, including five deemed “critical” by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The update, dubbed 2023-06-05, fixes a total of 56 vulnerabilities, one of which is a very serious flaw in Arm’s Mali GPU kernel driver.
The Vulnerability
The bug, designated CVE-2022-22706, is described by NIST as “Arm Mali GPU Kernel Driver”. It allows a non-privileged user to gain write access to read-only memory pages. The vulnerability has a severity score of 7.8 out of 10, which puts it in the “high” category.
According to Google’s June 5 Security Bulletin, “There are indications that CVE-2022-22706 may be subject to restricted and targeted exploitation.” Google’s Threat Analysis Group (TAG) researchers found an exploit chain that took advantage of this vulnerability as early as December 2022.
In March, CISA required all US government agencies to patch their cellphones against CVE-2022-22706. Arm has fixed the issue in Bifrost and Valhall GPU Kernel Driver r36p0 and in Midgard Kernel Driver r32p0, but the fix has only now trickled down to the stable version v and android.
Samsung’s Response
Samsung fixed CVE-2022-22706 in the May 2023 update. The company’s rapid response to the active exploitation of the vulnerability is likely due to the fact that its users were explicitly targeted by the spyware campaign.
Google’s security update is a reminder of the importance of keeping devices up to date. While the update addresses a serious vulnerability, it is important to note that it is only one of 56 vulnerabilities that were fixed. It is essential to keep devices up to date in order to ensure the highest level of security.
Google’s security update is a reminder of the importance of keeping devices up to date. While the update addresses a serious vulnerability, it is important to note that it is only one of 56 vulnerabilities that were fixed. It is essential to keep devices up to date in order to ensure the highest level of security.
The update is available for download from the Google Play Store. It is important to note that the update may take some time to reach all devices, so it is important to check for updates regularly. Additionally, users should be sure to install any security updates as soon as they become available.
Google’s security update is a reminder of the need to stay vigilant when it comes to device security. While the update addresses a serious vulnerability, it is only one of many that can affect devices. Keeping devices up to date and installing security updates as soon as they become available is essential for maintaining the highest level of security.