No code is perfect, but when gaps are found that attackers can take advantage of, there's always a chance it could open the floodgates for an unauthorized third party to gain full access to your devices. Luckily, it usually never comes to that, as these vulnerabilities are patched before disaster strikes, or quickly patched if it does. This is why timely security patches are important on the best Android phones. That said, if your phone's using a Mali GPU, you might want to take extra care for the next while as plugs for some recently-disclosed security holes are still making their way across devices..

Google's Project Zero security research team has a blog post detailing exploits it found based within Arm's Mali GPU driver. Mobile chipsets from the likes of Samsung (Exynos), Google (Tensor), and MediaTek that include the GPU may be affected — not so much those owning devices running a Snapdragon SoC as those feature Qulacomm's own Adreno GPU design.

Project Zero says one of its members performed an audit on the Mali GPU driver after a previous exploit it found was patched — they gave a presentation on the vulnerability at FirstCon22 in June.

Google says that it reported these five issues to ARM months ago and they were promptly disclosed and fixed in the driver's source. Yet, later downstream testing had revealed that the fixes have not made it to user builds, resulting in phones that are still vulnerable even today — despite the fact that ARM fixed these issues as early as July. Even recent Tensor-equipped Google Pixel phones are affected.

The aim of the post is to get OEMs to "mind the patch gap" and do their best to roll out security fixes to users as soon as possible. With a public callout like this, your phone's manufacturer may be under pressure to pass along the patches — given your phone's maker cares, of course.

The vulnerabilities are listed under CVE-2022-33917.