Critical vulnerability in the WhatsApp application, suitable for introducing malware

Information has been published about a critical vulnerability (CVE-2019-3568) in the WhatsApp mobile application that allows an attacker to execute their own code by placing a specially crafted voice call. Answering the malicious call is not required for a successful attack. In addition, such a call often does not appear in the call log, so the attack may go unnoticed by the user.

The vulnerability is not related to the Signal protocol; it is caused by a buffer overflow in WhatsApp's own VoIP stack. The problem can be exploited by sending specially crafted SRTCP packets to the victim's device. The vulnerability affects WhatsApp for Android (fixed in 2.19.134), WhatsApp Business for Android (fixed in 2.19.44), WhatsApp for iOS (2.19.51), WhatsApp Business for iOS (2.19.51), WhatsApp for Windows Phone (2.18.348) and WhatsApp for Tizen (2.18.15).

Interestingly, in last year's security study of WhatsApp and Facetime, Project Zero drew attention to a flaw that allows control messages associated with a voice call to be sent and processed at a stage before the user accepts the call. WhatsApp was advised to remove this feature, and it was shown that, during fuzz testing, sending such messages caused the application to crash; in other words, it was already known last year that the code contained potential vulnerabilities.

After detecting the first signs of device compromise on Friday, Facebook engineers began developing a protection method; on Sunday they blocked the hole at the infrastructure level using a workaround, and on Monday they began distributing an update that fixes the client software. It is not yet clear how many devices were attacked using the vulnerability. The only reports so far concern an unsuccessful attempt on Sunday to compromise the smartphone of a human rights activist using a method resembling NSO Group's technology, and an attempted attack on the smartphone of an employee of the human rights organization Amnesty International.

The problem was discovered, without undue publicity, by the Israeli company NSO Group, which was able to use the vulnerability to install spyware on smartphones in order to provide surveillance for law enforcement agencies. NSO says that it vets its customers very carefully (it works only with law enforcement and intelligence agencies) and investigates all complaints of abuse. In particular, legal proceedings connected with the recorded attacks on WhatsApp have now begun.

NSO denies involvement in specific attacks and claims only to develop technology for intelligence agencies, but the human rights activist who was targeted intends to prove in court that the company shares responsibility with customers who abuse the software provided to them, and that it sold its products to services known for human rights violations.

Facebook has opened an investigation into the possible compromise of devices and last week privately shared its first results with the US Department of Justice. It also notified several human rights organizations about the problem in order to coordinate public awareness (there are about 1.5 billion WhatsApp installations worldwide).

source: budenet.ru
