Marc Newlin, who discovered the MouseJack vulnerability seven years ago, has disclosed a similar vulnerability (CVE-2023-45866) affecting the Bluetooth stacks of Android, Linux, macOS and iOS. It allows keystroke injection by imitating the activity of a Bluetooth-connected input device. With keyboard-level access, an attacker can perform actions such as running commands on the system, installing applications, and forwarding messages.
The vulnerability stems from a mode in the Bluetooth HID (Human Interface Device) drivers that lets a remote device create and establish an encrypted connection without authentication. Among other things, devices connected this way can send keyboard messages, which the HID stack processes, making it possible to inject HID messages remotely without user interaction. The attack can be carried out from up to 100 meters away from the victim.
The mechanism for pairing devices without authentication is defined in the Bluetooth specification and, depending on the Bluetooth stack's settings, allows a device to be connected without confirmation from the user. On Linux with the BlueZ Bluetooth stack, silent pairing requires the Bluetooth adapter to be in discoverable and connectable mode. On Android, simply having Bluetooth support enabled is enough. On iOS and macOS, the attack requires Bluetooth to be enabled and a wireless keyboard to be paired.
Input injection was demonstrated on Ubuntu 18.04, 20.04, 22.04, and 23.10 with a Bluetooth stack based on the BlueZ package. ChromeOS is not vulnerable, because its Bluetooth stack settings do not allow connections without authentication. On Android, the vulnerability affects devices running platform versions from 4.2.2 to 14. On macOS, the vulnerability was demonstrated on a 2022 MacBook Pro with an Apple M2 CPU and macOS 13.3.3, and on a 2017 MacBook Air with an Intel CPU and macOS 12.6.7. On iOS, the vulnerability was demonstrated on an iPhone SE with iOS 16.6. Enabling Lockdown Mode does not protect against the attack on macOS or iOS.
On Linux, the vulnerability was fixed in the BlueZ code base by setting the "ClassicBondedOnly" option to "true", which enables a secure mode that allows connections only after pairing. Previously the option was set to "false", which resolved compatibility problems with some input devices at the cost of security.
In the Fluoride Bluetooth stack used in recent Android releases, the problem was addressed by enforcing authentication for all encrypted connections. The fix for Android was prepared only for branches 11-14. For Pixel devices, the vulnerability was fixed in the December firmware update. For Android releases from 4.2.2 to 10, the vulnerability remains unfixed.
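A check for the BlueZ setting described above, as an added example (not code from BlueZ or from the original article). It assumes the HID profile configuration is installed at `/etc/bluetooth/input.conf` with the key in the `[General]` section, and it reports a missing or commented-out key as "unset", meaning the installed BlueZ build's own default applies.

```python
import configparser
import sys

# Assumed install path of the BlueZ input (HID) profile configuration.
INPUT_CONF = "/etc/bluetooth/input.conf"

def classic_bonded_only(conf_text):
    """Classify the ClassicBondedOnly setting found in input.conf text.

    Returns 'enforced' (HID connections only from bonded devices),
    'disabled' (explicitly false, the insecure legacy behaviour) or
    'unset' (key absent, commented out or unparsable, so the built-in
    default of the installed BlueZ version decides).
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep key names case-sensitive
    try:
        parser.read_string(conf_text)
    except configparser.Error:
        return "unset"
    value = parser.get("General", "ClassicBondedOnly", fallback=None)
    if value is None:
        return "unset"
    value = value.strip()
    if value in ("true", "1"):
        return "enforced"
    if value in ("false", "0"):
        return "disabled"
    # Assumption: any other value is treated here as if the key were not set.
    return "unset"

# Constructed sample configurations (not taken from any real system).
SAMPLE_PATCHED = "[General]\n#IdleTimeout=30\nClassicBondedOnly=true\n"
SAMPLE_LEGACY = "[General]\nClassicBondedOnly=false\n"
SAMPLE_COMMENTED = "[General]\n#ClassicBondedOnly=true\n"

if __name__ == "__main__":
    try:
        with open(INPUT_CONF, encoding="utf-8") as fh:
            state = classic_bonded_only(fh.read())
    except OSError as exc:
        sys.exit(f"cannot read {INPUT_CONF}: {exc}")
    print(f"ClassicBondedOnly: {state}")
    # Non-zero exit unless bonded-only mode is explicitly enforced.
    sys.exit(0 if state == "enforced" else 1)
```

An "unset" result on a host should be followed up by checking whether the distribution's BlueZ package already carries the fix, since the key's default differs between patched and unpatched builds.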
source: budenet.ru
