Vulnerability in MediaTek and Qualcomm ALAC decoders affects most Android devices

Check Point has identified vulnerabilities in the MediaTek (CVE-2021-0674, CVE-2021-0675) and Qualcomm (CVE-2021-30351) decoders for the Apple Lossless Audio Codec (ALAC) audio compression format. The issue allows attacker code to be executed when specially crafted data in the ALAC format is processed.

The danger of the vulnerability is compounded by the fact that it affects devices running the Android platform that are equipped with MediaTek and Qualcomm chips. As a result of an attack, an attacker can execute malware on the device and gain access to the user's communication and multimedia data, including camera data. It is estimated that two thirds of all smartphone users on the Android platform are affected by the problem. For example, in the United States, the combined share of all Android smartphones sold in the fourth quarter of 2021 that shipped with MediaTek and Qualcomm chips was 95.1% (48.1% MediaTek, 47% Qualcomm).

Details of how the vulnerability is exploited have not yet been disclosed, but it is reported that fixes were made to the MediaTek and Qualcomm components for the Android platform in December 2021. In the December Android vulnerability report, the issues are listed as critical vulnerabilities in proprietary components for Qualcomm chips. The vulnerability in the MediaTek components is not mentioned in the reports.

The vulnerability is interesting for its origins. In 2011, Apple released the source code of the ALAC codec, which compresses audio data without loss of quality, under the Apache 2.0 license, and granted the right to use all patents related to the codec. The code was published but has been left unmaintained and unchanged for the past 11 years. At the same time, Apple continued to separately maintain the implementation used in its own platforms, including fixing bugs and vulnerabilities in it. MediaTek and Qualcomm based their ALAC codec implementations on Apple's original open source code, but did not carry over into them the vulnerability fixes made in Apple's implementation.

There is as yet no information on whether the vulnerability appears in the code of other products that also use the outdated ALAC code. For example, the ALAC format has been supported since FFmpeg 1.1, but the decoder implementation code there is actively maintained.

source: budenet.ru
