'Patch Lag' Leaves Millions of Android Devices Vulnerable - Dark Reading

It's called a "patch gap" and describes the clip it takes a hole for a known vulnerability to trickle down from bundle vendor to idiosyncratic instrumentality manufacturers. And the latest casualties are the millions of Pixel, Samsung, Xiaomi, and different Android instrumentality brands.

According to Google's Project Zero, aft its squad discovered 5 abstracted bugs successful the ARM Mali GPU driver, ARM  "promptly" issued a spot successful July and August. Yet, Project Zero reported that each trial instrumentality they looked astatine this week remains vulnerable. 

Until there's a amended solution for tightening up the lag betwixt the clip a spot is issued and reaches the wider ecosystem, it's up to information teams to stay "vigilant," the Google Project Zero squad advised. 

"Just arsenic users are recommended to spot arsenic rapidly arsenic they tin erstwhile a merchandise containing information updates is available, truthful the aforesaid applies to vendors and companies," the spot spread report explained. "Minimizing the 'patch gap' arsenic a vendor successful these scenarios is arguably much important, arsenic extremity users (or different vendors downstream) are blocking connected this enactment earlier they tin person the information benefits of the patch."