Kwararrun masana masu tunani sun ba da rahoton matsalar tsaro a cikin injin Kaspersky Lab. Kamfanin ya ce rashin lafiyar yana ba da damar zubar da ruwa, ta yadda zai haifar da yuwuwar aiwatar da code na sabani. Masana sun gano raunin da aka ambata kamar yadda CVE-2019-8285. Matsalar tana shafar nau'ikan injin riga-kafi na Kaspersky Lab waɗanda aka saki kafin Afrilu 4, 2019.
Masana sun ce rashin lahani a cikin injin riga-kafi, wanda ake amfani da shi a cikin mafita na software na Kaspersky Lab, yana ba da damar cikar buffer saboda rashin iya bincika iyakokin bayanan mai amfani daidai. An kuma bayar da rahoton cewa maharan za su iya amfani da wannan raunin don aiwatar da code na son rai a cikin mahallin aikace-aikacen da ke kan kwamfutar da aka yi niyya. An yi imanin cewa wannan raunin na iya ba da damar maharan su haifar da ƙin sabis, amma ba a tabbatar da hakan a aikace ba.
Kaspersky Lab ya fito da bayanai wanda ke kwatanta batun da aka ambata a baya CVE-2019-8285. Sakon ya bayyana cewa raunin yana ba wa wasu kamfanoni damar aiwatar da lambar sabani akan kwamfutocin masu amfani da aka kai hari tare da gata na tsarin. An kuma bayar da rahoton cewa, a ranar 4 ga Afrilu, an fitar da wani faci wanda ya magance matsalar gaba daya. Kaspersky Lab ya yi imanin cewa lalacewar ƙwaƙwalwar ajiya na iya kasancewa sakamakon bincikar fayil ɗin JS, wanda zai ba maharan damar aiwatar da lambar sabani akan kwamfutar da aka kai harin.
source: 3dnews.ru