Vulnerability in Android that allows remote code execution when Bluetooth is enabled

The February update of the Android platform fixes a critical vulnerability (CVE-2020-0022) in the Bluetooth stack that allows remote code execution by sending specially crafted Bluetooth packets. The problem can be exploited unnoticed by an attacker within Bluetooth range. It is possible that the vulnerability could be used to create worms that infect neighboring devices in a chain.

For an attack, it is enough to know the MAC address of the victim's device (no prior pairing is required, but Bluetooth must be turned on on the device). On some devices, the Bluetooth MAC address can be calculated from the Wi-Fi MAC address. If the vulnerability is successfully exploited, the attacker can execute their code with the privileges of the background process that coordinates Bluetooth operation in Android.
The problem is specific to Fluoride, the Bluetooth stack used in Android (based on code from Broadcom's BlueDroid project), and does not appear in the BlueZ stack used on Linux.

The researchers who identified the problem were able to prepare a working prototype exploit, but the details of exploitation will be disclosed later, after the fix has been rolled out to the majority of users. It is only known that the vulnerability is present in the packet reassembly code and is caused by an incorrect calculation of the size of L2CAP (Logical Link Control and Adaptation Protocol) packets when the data transmitted by the sender exceeds the expected size.
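As an added illustration (not code from Android, Fluoride or the researchers), the following C sketch shows the size check a fragment reassembler needs so that a sender who transmits more data than the L2CAP header announced is rejected instead of being copied into the buffer. The structure, function names and the 1024-byte buffer size are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define L2CAP_HDR_LEN 4      /* 2-byte payload length + 2-byte channel ID */
#define MAX_PDU       1024   /* assumed buffer size for this sketch */

/* Hypothetical reassembly state, one per connection. */
struct reasm {
    uint8_t buf[MAX_PDU];
    size_t  expected;   /* total bytes announced by the first fragment */
    size_t  have;       /* bytes collected so far */
    int     active;     /* 1 while a PDU is partially assembled */
};

enum { FRAG_MORE = 0, FRAG_DONE = 1, FRAG_REJECT = -1 };

/* Start fragment: carries the L2CAP header with the declared length. */
int reasm_start(struct reasm *r, const uint8_t *frag, size_t n)
{
    r->active = 0;
    if (n < L2CAP_HDR_LEN)
        return FRAG_REJECT;
    size_t total = (size_t)(frag[0] | (frag[1] << 8)) + L2CAP_HDR_LEN;
    if (total > MAX_PDU || n > total)
        return FRAG_REJECT;          /* larger than the buffer or the header */
    memcpy(r->buf, frag, n);
    r->expected = total;
    r->have = n;
    r->active = (n < total);
    return r->active ? FRAG_MORE : FRAG_DONE;
}

/* Continuation fragment: must fit in what the header still allows. */
int reasm_continue(struct reasm *r, const uint8_t *frag, size_t n)
{
    if (!r->active)
        return FRAG_REJECT;
    size_t remaining = r->expected - r->have;  /* no underflow: have < expected */
    if (n > remaining) {
        r->active = 0;   /* sender exceeded the declared size: drop the PDU */
        return FRAG_REJECT;
    }
    memcpy(r->buf + r->have, frag, n);
    r->have += n;
    r->active = (r->have < r->expected);
    return r->active ? FRAG_MORE : FRAG_DONE;
}
```

The comparison is done on unsigned sizes before any copy, so an oversized fragment can never turn the remaining length into a negative or wrapped value.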

In Android 8 and 9, the problem can lead to code execution, but in Android 10 it is limited to a crash of the background Bluetooth process. Older releases of Android are potentially affected by the problem, but the exploitability of the vulnerability has not been tested. Users are advised to install the firmware update as soon as possible, and if this is not possible, to turn off Bluetooth by default, prevent device discovery, and enable Bluetooth in public places only when absolutely necessary (including replacing wireless headphones with wired ones).

In addition to the problem noted, the February set of security fixes for Android eliminates 26 vulnerabilities, of which another vulnerability (CVE-2020-0023) has been assigned a critical severity level. The second vulnerability also affects the Bluetooth stack and is related to incorrect handling of the BLUETOOTH_PRIVILEGED permission in setPhonebookAccessPermission. As for vulnerabilities flagged as high risk, 7 issues were addressed in frameworks and applications, 4 in system components, 2 in the kernel, and 10 in open source and proprietary components for Qualcomm chips.

Source: opennet.ru