CISA has updated it’s Known Exploited Vulnerabilities list to include a new Arm GPU bug that put most Android devices at risk.
The security bug is a use-after-free vulnerability that can let anyone gain root privileges and exploit such access to steal sensitive data. Google pushed a patch for this in the July security update and advised users to apply it. CISA, on the other hand, urges federal agencies to patch/update it before this month’s end.
Privilege Escalation Bug in Arm GPU
Security bugs in any form are dangerous, as they let the threat actors exploit your resources for their good. So whenever you encounter a security bug on your system, it’s highly suggested to address it immediately and not be used.
The US CISA does the same by warning the nation’s federal agencies to patch any severe bug. The agency maintains a list of Known Exploited Vulnerabilities, where it notes all the bugs in electronic devices that are actively being exploited in the wild.
This week, CISA updated the KNE list to include a high-severity Arm Mali GPU kernel driver flaw that lets anyone exploiting it gain root privileges and steal sensitive data. Tracked as CVE-2021-29256, experts say the flaw can be triggered by allowing improper operations on GPU memory.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
Noticing how serious the flaw is, Google released a patch for this bug in it’s latest security update. Thus, CISA urges the US federal agencies to apply this patch as soon as possible – with a deadline of July 28th and keep their devices secured against cyber attacks.
Though it’s directed at federal agencies, every other company and individual having a vulnerable device is advised to apply this patch and be safe against potential attacks.
Other Trending News:- News