Vulnerability in Samsung Android firmware exploitable by sending an MMS

A vulnerability (CVE-2020-8899) has been identified in the Qmage image handler that ships in Samsung Android firmware and is built into the Skia graphics rendering system. It allows code execution when images in the QM and QG (".qmg") formats are processed in any application. The attack requires no action from the user; in the simplest case, it is enough to send the victim an MMS, an email, or a chat message containing a specially crafted image.

The problem is believed to have been present since 2014, starting with firmware based on Android 4.4.4, which added changes to handle the additional image formats QM, QG, ASTC and PIO (a PNG variant). The vulnerability is fixed in the Samsung firmware updates released on 6 May. The main Android platform and firmware from other manufacturers are not affected by the problem.

The problem was found during fuzz testing by an engineer from Google, who also showed that the vulnerability is not limited to crashes and prepared a working prototype exploit that bypasses ASLR protection and launches the calculator by sending a series of MMS messages to a Samsung Galaxy Note 10+ smartphone running the Android 10 platform.


In the demonstrated example, successful exploitation required roughly 100 minutes for the attack and the sending of more than 120 messages. The exploit consists of two parts: in the first stage, to bypass ASLR, the base addresses of the libskia.so and libhwui.so libraries are determined, and in the second stage, remote access to the device is provided by launching a "reverse shell". Depending on the memory layout, determining the base address requires sending from 75 to 450 messages.

In addition, it is worth noting the publication of the May set of security fixes for Android, which fixes 39 vulnerabilities. Three issues have been assigned a critical severity level (details have not yet been disclosed):

  • CVE-2020-0096 is a local vulnerability that allows code execution when processing a specially crafted file;
  • CVE-2020-0103 is a remote vulnerability in the system that allows code execution when processing specially crafted external data;
  • CVE-2020-3641 is a vulnerability in proprietary Qualcomm components.

source: budenet.ru
