Google will disclose vulnerabilities in third-party Android devices

Google has introduced the Android Partner Vulnerability initiative, under which it plans to disclose data on vulnerabilities in Android devices from various OEM manufacturers. The initiative will make it more transparent to users which vulnerabilities are specific to firmware with modifications made by third-party manufacturers.

Until now, the vulnerability reports (Android Security Bulletins) covered only issues in the core code available in the AOSP repository and did not include issues specific to modifications made by OEMs. The issues already disclosed affect manufacturers such as ZTE, Meizu, Vivo, OPPO, Digitime, Transsion and Huawei.

Among the identified issues:

  • In Digitime devices, instead of checking additional permissions for access to the OTA update service API, a hardcoded password was used, which allowed an attacker to silently install APK packages and change application permissions.
  • In the alternative browser Phoenix, popular with some OEMs, the password manager was implemented as JavaScript code that runs in the context of every page. A site controlled by an attacker could gain full access to the user's password store, which was encrypted with the unreliable DES algorithm and a hardcoded key.
  • The System UI application on Meizu devices loaded additional code from the network without encryption and without verifying the connection. With control over the victim's HTTP traffic, an attacker could run their own code in the context of the application.
  • Vivo devices had a reworked checkUidPermission method of the PackageManagerService class that granted additional permissions to some applications even when those permissions were not declared in the manifest file. In one version, the method granted permissions to applications with the identifier com.google.uid.shared. In another version, package names were checked against a list in order to grant permissions.
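
The safeguard missing in the Meizu System UI case, as an added example (not code from Google, Meizu or the original article): downloaded code is accepted only when it arrived over HTTPS and carries a valid signature from a key shipped inside the app. The class name, the URL and the throwaway key pair are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;

/** Hypothetical gate that remotely delivered code must pass before it is loaded. */
public class VerifiedModuleLoader {
    private final PublicKey pinnedKey; // assumption: vendor public key bundled in the APK

    public VerifiedModuleLoader(PublicKey pinnedKey) { this.pinnedKey = pinnedKey; }

    /** Returns the payload only if the source is HTTPS and the signature verifies. */
    public byte[] accept(URI source, byte[] payload, byte[] signature)
            throws GeneralSecurityException {
        if (!"https".equalsIgnoreCase(source.getScheme())) {
            throw new SecurityException("refusing cleartext transport: " + source);
        }
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(pinnedKey);
        verifier.update(payload);
        if (!verifier.verify(signature)) {
            throw new SecurityException("signature mismatch, module rejected");
        }
        return payload; // only now may the caller pass the bytes to a class loader
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: a throwaway key pair stands in for the vendor signing key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair vendor = gen.generateKeyPair();
        byte[] module = "constructed module bytes".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(vendor.getPrivate());
        signer.update(module);
        byte[] sig = signer.sign();

        VerifiedModuleLoader loader = new VerifiedModuleLoader(vendor.getPublic());
        URI https = URI.create("https://updates.example/module.dex");
        System.out.println("signed, https: accepted " + loader.accept(https, module, sig).length + " bytes");

        byte[] tampered = module.clone();
        tampered[0] ^= 1; // simulates modification in transit
        try { loader.accept(https, tampered, sig); }
        catch (SecurityException e) { System.out.println("tampered: " + e.getMessage()); }

        try { loader.accept(URI.create("http://updates.example/module.dex"), module, sig); }
        catch (SecurityException e) { System.out.println("cleartext: " + e.getMessage()); }
    }
}
```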

Source: opennet.ru
