Yuav ua li cas yog tias kuv tau hais rau koj tias tsuas yog kev ua haujlwm ntawm ib qho ntawm cov software tiv thaiv kab mob uas muaj kev ntseeg siab digital kos npe yog sau tag nrho koj cov ntawv pov thawj khaws cia hauv Internet browsers nrov? Yuav ua li cas yog kuv hais tias nws tsis muaj teeb meem rau nws uas nws nyiam nws yog los sau lawv? Tej zaum koj yuav xav tias kuv yog delusional. Cia peb saib nws tiag tiag li cas?
Kev nkag siab
Nyob thiab nyob xws li lub tuam txhab antivirus li . Tsim ntau yam khoom muaj feem xyuam rau cov ntaub ntawv kev ruaj ntseg. Tseem muaj cov khoom pub dawb rau siv hauv tsev.
Cia peb xav txog qhov dawb version thiab saib seb cov khoom ntawm peb cov npoj yaig German tuaj yeem ua li cas. Peb ntsia ntawm lub interface - tsis muaj dab tsi txawv. Peb tsis pom ib qho kev hais txog lwm yam ntawm lub tuam txhab cov khoom - Avira Password Manager.
Cia peb saib cov khoom siv nrog lub npe uas tsis nyiam mloog "Avira.PWM.NativeMessaging.exe"? Nws yog muab tso ua ke rau .NET platform thiab tsis yog obfuscated nyob rau hauv txhua txoj kev, yog li peb thauj nws mus rau hauv dnSpy thiab dawb do kawm cov kev pab cuam code.
Qhov kev zov me nyuam yog ib qho kev pab cuam console thiab nws xav kom cov lus txib nyob rau hauv tus qauv input kwj. Main function siv "nyeem"nyeem cov ntaub ntawv los ntawm cov kwj dej, tshawb xyuas cov hom ntawv thiab hla cov lus txib mus rau qhov ua haujlwm"ProcessMessage" Tib yam, nyob rau hauv lem, xyuas tias cov lus txib kis tau yog "fetchChromePasswords"los yog"nqa daim ntawv pov thawj"(txawm hais tias qhov sib txawv ua rau yog tias tus cwj pwm txuas ntxiv yog tib yam?) thiab tom qab ntawd qhov nthuav tshaj plaws pib - hu rau lub luag haujlwm "RetrieveBrowserCredentials" Nws tseem nthuav ... dab tsi tuaj yeem ua haujlwm nrog lub npe ntawd?
Tsis muaj dab tsi txawv txav, nws tsuas yog sau rau hauv ib daim ntawv teev tag nrho cov neeg siv nyiaj khaws tseg thaum ua haujlwm nrog Internet browsers "Chrome", "Opera" (raws li Chromium), "Firefox" thiab "Edge" (raws li Chromium) thiab rov qab cov ntaub ntawv raws li ib tug. JSON khoom.
Zoo, tom qab ntawd nws qhia cov ntaub ntawv khaws cia rau lub console:
Tus essence ntawm qhov teeb meem
- Cov khoom siv sau cov ntaub ntawv pov thawj ntawm cov neeg siv khoom;
- Cov khoom tivthaiv tsis txheeb xyuas qhov kev pabcuam hu (piv txwv li, seb nws puas muaj tus lej kos npe los ntawm cov chaw tsim khoom nws tus kheej);
- Cov tshuaj tivthaiv muaj "kev ntseeg siab" kos npe digital thiab tsis ua rau muaj kev tsis txaus ntseeg ntawm lwm cov tuam txhab tiv thaiv kab mob;
- Cov khoom siv khiav raws li daim ntawv thov cais.
IoC
SHA1: 13c95241e671b98342dba51741fd02621768ecd5.
CVE-2020-12680 tau tshaj tawm rau qhov teeb meem no.
Hnub tim 07.04.2020/XNUMX/XNUMX kuv xa tsab ntawv hais txog qhov teeb meem no mus rau: [email tiv thaiv] ΠΈ [email tiv thaiv] nrog cov lus piav qhia tag nrho. Tsis muaj cov ntawv teb, suav nrog los ntawm cov tshuab tsis siv neeg. Ib hlis tom qab, cov lus piav qhia tseem tau muab faib rau hauv Avira Free Antivirus faib.
Tau qhov twg los: www.hab.com