The More You Know, The More You Know You Don’t Know (Project Zero)
The Google Project Zero blog is carrying a report on zero-day vulnerabilities found to be exploited during 2021.
5 of the 7 [Android] 0-days from 2021 targeted GPU drivers. This is actually not that surprising when we consider the evolution of the Android ecosystem as well as recent public security research into Android. The Android ecosystem is quite fragmented: many different kernel versions, different manufacturer customizations, etc. If an attacker wants a capability against "Android devices", they generally need to maintain many different exploits to have a decent percentage of the Android ecosystem covered. However, if the attacker chooses to target the GPU kernel driver instead of another component, they will only need to have two exploits since most Android devices use 1 of 2 GPUs: either the Qualcomm Adreno GPU or the ARM Mali GPU.