AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Serious vulnerability found in Mali GPU drivers: updates required

Exposure to cyber attacks for Mali GPU devices: immediate corrective actions required

ARM has reported a "use-after-free" vulnerability in Mali Bifrost and Valhall GPUs, which has already been exploited by malicious actors. They recommend quick driver updates to protect devices, especially for those using versions r34p0 to r40p0, patched from r41p0 onwards.

This pill is also available in Italian language

Alert for owners of devices with Mali GPU: ARM has released a security advisory regarding a vulnerability found in the Bifrost and Valhall GPU drivers, which is already being exploited by malicious actors. This criticality allows attackers to access free portions of memory, facilitating possible execution of arbitrary code. Bifrost architecture-based GPUs are widely integrated into smartphones, tablets, Chromebooks, and embedded systems, while Valhall GPUs are found in devices such as advanced smartphones, automotive infotainment systems, and high-end smart TVs.

Description of vulnerability CVE-2024-4610

Named CVE-2024-4610, the vulnerability is classified as "use-after-free": the software continues to use blocks of memory after they have been freed, creating risks of data leakage and system compromise. ARM has confirmed that this flaw has been identified as already actively exploited, which is why it is strongly recommended to proceed with updates. The problem specifically affects all driver versions from r34p0 to r40p0, and has been corrected starting from the r41p0 version of November 24, 2022. Currently, the latest version available is r49p0, with notable improvements in terms of stability and security.

Deployment of updates

Although the corrective patches are already available and non-vulnerable versions have been distributed for some time, the problem remains that some particularly old devices may never receive the necessary fixes, due to the lack of support for security updates. This scenario is particularly relevant in the context of Android's fragmented supply chain, composed of numerous manufacturers, carriers, and custom firmware. As a result, many users may only receive such updates long after the official release, while some outdated models risk remaining permanently exposed to this vulnerability.

Impact for users and recommendations

The primary risk for users is potential exposure to exploits that could compromise the integrity and security of their devices. Therefore, to best protect your data and devices, it is essential to check for updates for Mali GPU drivers and install them promptly. It is also recommended to pay attention to the safety communications of manufacturers and developers, following their instructions to minimize the associated risks. Adopting general security practices, such as avoiding installing software from unverified sources and keeping the operating system updated, constitutes an additional line of defense against possible attacks.

Follow us on Telegram for more pills like this

06/12/2024 08:56

Marco Verro

Last pills

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report

AT&T: data breach discovered that exposes communications of millions of usersDigital security compromised: learn how a recent AT&T data breach affected millions of users

New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediately

Discovery of an AiTM attack campaign on Microsoft 365A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromises