ARM Graphics Unit: A Critical Alert on Driver Vulnerability Exploitation

ARM graphics unit: Warning about attacks on vulnerabilities in drivers

According to the US cybersecurity agency CISA, cyber criminals are actively attacking a vulnerability in older drivers for the graphics units of ARM mobile processors. The vulnerability, which CISA has added to its Known Exploited Vulnerabilities (KEV) catalog, affects the kernel driver for ARM Mali GPUs. Older driver versions allow users to access memory that has already been freed, which can lead to information disclosure or to gaining root privileges. ARM published updated driver source code in March 2021 to address the issue.

CISA has not provided specific details on the attacks. The vulnerable driver versions include Valhall r19p0 to r29p0, Bifrost r16p0 to r29p0, and Midgard r28p0 to r30p0. The vulnerability is fixed in the Bifrost and Valhall r30p0 and Midgard r31p0 drivers and in newer releases. Identifying the driver version used on an Android device can be challenging, but some device info apps may report the GPU version. Security updates after April 2021 should contain the necessary fixes, although the date alone is not a guarantee.
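Once a driver release string has been obtained, the ranges above can be checked mechanically. The following is an added example, not code from ARM, CISA or the original article; the function names are hypothetical, the sample strings are constructed, and treating any release between the first affected and the first fixed version as affected is a conservative assumption.

```python
import re

# First affected and first fixed release per driver family, as stated in the
# article (Valhall/Bifrost fixed in r30p0, Midgard fixed in r31p0).
RANGES = {
    "valhall": {"first_affected": (19, 0), "first_fixed": (30, 0)},
    "bifrost": {"first_affected": (16, 0), "first_fixed": (30, 0)},
    "midgard": {"first_affected": (28, 0), "first_fixed": (31, 0)},
}

_RELEASE = re.compile(r"r(\d+)p(\d+)", re.IGNORECASE)


def parse_release(text):
    """Extract (release, patch) from a string that contains an rNpM token."""
    match = _RELEASE.search(text)
    if match is None:
        raise ValueError(f"no rNpM release found in {text!r}")
    return int(match.group(1)), int(match.group(2))


def classify(family, version_text):
    """Return 'affected', 'fixed' or 'not listed' for a Mali driver release."""
    key = family.strip().lower()
    if key not in RANGES:
        raise ValueError(f"unknown Mali driver family: {family!r}")
    release = parse_release(version_text)
    bounds = RANGES[key]
    if release >= bounds["first_fixed"]:
        return "fixed"
    # Assumption: everything from the first affected release up to (but not
    # including) the first fixed release is treated as affected.
    if release >= bounds["first_affected"]:
        return "affected"
    # Older than the listed range: the article makes no statement about these.
    return "not listed"


if __name__ == "__main__":
    # Constructed sample inventory: (family, reported driver string).
    samples = [("Bifrost", "r26p0-01rel0"), ("Valhall", "r30p0"),
               ("Midgard", "R30P0"), ("Bifrost", "r15p0")]
    for family, text in samples:
        print(f"{family:8} {text:14} -> {classify(family, text)}")
```

A "not listed" result only means the article names no status for that release, so it should not be read as "safe".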

The exploitation of old vulnerabilities is a common occurrence, contrary to the belief that old systems are not a threat because nobody is interested in them or would write exploits for them. Users with ARM Mali GPUs on older devices should take heed of CISA’s advice to avoid falling victim to cyber attacks. Devices without updates after around April or May 2021 are likely to pose a higher risk. To mitigate potential risks, users should opt for devices that continue to receive updates. Last week, Google released updates to patch various security gaps as part of its July patch day for Android.

In conclusion, the vulnerability in older drivers for ARM Mali GPUs is being actively exploited by cyber criminals. Users are advised to install available updates or consider discarding devices without updates. The exploitation of old vulnerabilities is prevalent, emphasizing the need for ongoing updates to ensure device security.
