ProHoster > Блог > labaran intanet > Rashin lahani a cikin kwakwalwan kwamfuta na Qualcomm wanda ke ba da damar kai hari ga na'urar Android ta hanyar Wi-Fi

Rashin lahani a cikin kwakwalwan kwamfuta na Qualcomm wanda ke ba da damar kai hari ga na'urar Android ta hanyar Wi-Fi

A cikin tarin guntu mara waya ta Qualcomm gano lahani uku da aka gabatar a ƙarƙashin sunan lambar "QualPwn". Fitowar farko (CVE-2019-10539) tana ba da damar a kai wa na'urorin Android hari daga nesa ta hanyar Wi-Fi. Matsala ta biyu tana nan a cikin firmware na mallakar mallaka tare da tarin mara waya ta Qualcomm kuma tana ba da damar shiga modem ɗin baseband (CVE-2019-10540). Matsala ta uku ba a cikin direban icnss (CVE-2019-10538) kuma yana ba da damar cimma nasarar aiwatar da lambar sa a matakin kernel na dandamalin Android. Idan an yi nasarar yin amfani da haɗin haɗin waɗannan raunin, maharin na iya samun ikon sarrafa na'urar mai amfani da Wi-Fi a kanta (harrin yana buƙatar haɗa wanda aka azabtar da wanda ya kai harin zuwa hanyar sadarwa mara waya ɗaya).

An nuna ƙarfin harin don wayoyin hannu na Google Pixel2 da Pixel3. Masu bincike sun kiyasta cewa matsalar na iya shafar na'urori sama da 835 dangane da Qualcomm Snapdragon 835 SoC da sabbin kwakwalwan kwamfuta (farawa daga Snapdragon 835, WLAN firmware an haɗa shi tare da tsarin modem kuma yana aiki azaman keɓaɓɓen aikace-aikacen a cikin sararin mai amfani). By bayarwa Qualcomm, matsalar tana shafar kwakwalwan kwamfuta dozin da yawa.

A halin yanzu, kawai cikakkun bayanai game da raunin da ake samu, da cikakkun bayanai an shirya za a bayyana a ranar 8 ga Agusta a taron Black Hat. An sanar da Qualcomm da Google matsalolin a cikin Maris kuma sun riga sun fitar da gyare-gyare (An sanar da Qualcomm game da matsalolin a ciki). Rahoton watan Yuni, kuma Google yana da ƙayyadaddun lahani a ciki Agusta Sabunta dandamali na Android). Ana ba da shawarar duk masu amfani da na'urori dangane da guntuwar Qualcomm don shigar da sabuntawar da ke akwai.

Baya ga batutuwan da suka shafi kwakwalwan kwamfuta na Qualcomm, sabuntawar Agusta zuwa dandamali na Android kuma yana kawar da mummunan rauni (CVE-2019-11516) a cikin tarin Broadcom Bluetooth, wanda ke ba maharin damar aiwatar da lambar su a cikin mahallin gata tsari ta hanyar. aika buƙatar canja wurin bayanai na musamman. An warware wani rauni (CVE-2019-2130) a cikin abubuwan tsarin Android waɗanda zasu iya ba da izinin aiwatar da lambar tare da manyan gata yayin sarrafa fayilolin PAC na musamman.

source: budenet.ru

Add a comment