A massive Mali GPU security flaw that virtually affects millions of Samsung phones running on Exynos chipsets was confirmed last year in November. Since then, this Mali vulnerability became a part of a chain that hackers successfully exploited to lead unsuspecting Samsung Internet users to malicious websites. And although that particular exploit chain was broken, the Mali security flaw uncovered last year continues to affect almost every Samsung device powered by Exynos, except for the Galaxy S22 and it's Xclipse 920 GPU.
Google’s Threat Analysis Group (TAG) revealed the exploit chain earlier today. In December 2022, TAG discovered this exploit chain that relies on multiple 0-day and n-day vulnerabilities and targets the Chrome and Samsung Internet browsers.
To be specific two vulnerabilities in this chain concern Chrome. And since Samsung Internet Browser uses Chromium, the app was used as an attack vector in conjunction with the Mali GPU kernel driver vulnerability reported last year. This Mali exploit grants attackers system access.
Through this chain of exploits, hackers would send one-time links via SMS to Samsung Galaxy devices located in the UAE (United Arab Emirates). The links would redirect unsuspecting users to a page that would deliver “a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications.”
Google fixed those two Chrome vulnerabilities and patched it's own Pixel phones at the beginning of 2023. Samsung also fixed it's Samsung Internet browser in December 2022. The Korean tech giant addressed the two flaws related to Chromium (CVE-2022-4262 and CVE-2022-3038) through an Internet browser app update after version 19.0.6
Samsung broke the exploit chain that was leveraging its Chromium-based Internet app and the Mali kernel vulnerability in December, and it appears that the attacks on users in the UAE have stopped. However, one glaring issue remains.
The exploit chain Google detailed was addressed vis Samsung Internet browser updates in December. But one link in the chain, consisting of the massive Mali security vulnerability (CVE-2022-22706), remains unpatched on Samsung devices equipped with Exynos chipsets and Mali GPUs. Despite the fact that Mali already provided a fix for it's kernel driver exploit as early as January 2022.
Until Samsung fixes this issue through a security firmware patch containing the Mali fix, it appears that the majority of Galaxy devices featuring Exynos SoCs remain vulnerable to the Mali GPU kernel driver exploit.
