‘Patch Lag’ Leaves Millions of Android Devices Vulnerable

It’s called a “patch gap,” and it describes the time it takes a fix for a known vulnerability to trickle down from the software vendor to individual device manufacturers. The latest casualties are millions of Pixel, Samsung, Xiaomi, and other Android devices.

According to Google’s Project Zero, after its team discovered five separate bugs in the ARM Mali GPU driver, ARM “promptly” issued a patch in July and August. Yet, Project Zero reported that every test device they looked at this week remains vulnerable.

There is some light at the end of the tunnel: The Android and Pixel teams said this week, “The fix provided by Arm is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks. Android OEM partners will be required to take the patch to comply with future SPL requirements.”

Until there’s a better solution for shortening the lag between the time a patch is issued and the time it reaches the wider ecosystem, it’s up to security teams to remain “vigilant,” the Google Project Zero team advised.

“Just as users are recommended to patch as quickly as they can once a release containing security updates is available, so the same applies to vendors and companies,” the patch gap report explained. “Minimizing the ‘patch gap’ as a vendor in these scenarios is arguably more important, as end users (or other vendors downstream) are blocking on this action before they can receive the security benefits of the patch.” 
