In its fourth annual 0-days report, Google worries about the gap between Android patches deployed by different smartphone manufacturers, an issue of particular concern in 2022.
As you probably know, each smartphone manufacturer takes a certain amount of time to correct a security problem, since not all of them deploy the same number of updates, and these do not arrive at the same time. The problem is that some of them take way too long to close some loopholesaccording to a new report from Google.
The “patch gap” refers to the time between when a security flaw is patched by an upstream vendor (like Google) and when the downstream manufacturer (like device makers) releases the patch to their own smartphones. so that users can apply it. This lag exposes users to potential attacksas no fix is immediately available.
Read also – Your smartphone may be in danger, critical flaws spotted on Samsung Exynos chips
Samsung and other manufacturers take too long to roll out some updates
While patch gaps exist between platforms, Google has found them to be more frequent and longer on Android. In two examples cited last year, a vulnerability in the ARM Mali GPU for example took six months to be fixed by Android after its initial discovery by ARM.
Indeed, a vulnerability in ARM’s Mali GPU kernel driver was patched by ARM in January 2022, but was exploited in November of the same year as a 0-day vulnerability. On his side, Samsung also took no less than 7 months to correct a flaw in its Samsung Internet applicationbecause it was using a vulnerable version of Chromium.
Google emphasizes the need to expedite the process of delivering patches and mitigations to users to ensure they are protected. Prompt action is essential to prevent attackers from taking advantage of known vulnerabilities and exploiting user devices.
Some smartphone users, such as owners of Xiaomi devices, are particularly vulnerable, since the Chinese manufacturer does not deploy monthly security updates, and this even on its high-end phones, unlike Samsung. Another alarming finding: more than 40% of the vulnerabilities discovered were variants of previously reported vulnerabilities. It therefore becomes urgent that Android smartphone manufacturers increase the pace of updates.
