Cov kws tshawb fawb los ntawm Google Project Zero pab pawg tau tshaj tawm qhov kev tshawb pom ntawm 18 qhov tsis zoo hauv Samsung Exynos 5G / LTE / GSM modems. Plaub qhov kev pheej hmoo txaus ntshai tshaj plaws (CVE-2023-24033) tso cai rau kev ua tiav ntawm qib baseband nti los ntawm kev tswj hwm los ntawm kev siv Internet sab nraud. Raws li cov neeg sawv cev ntawm Google Project Zero, tom qab kev tshawb fawb ntxiv me ntsis, cov neeg tawm tsam tsim nyog yuav tuaj yeem npaj sai sai rau kev siv ua haujlwm uas ua rau nws muaj peev xwm los tswj tau nyob deb ntawm qib wireless module, paub tsuas yog tus neeg raug tsim txom tus xov tooj. Qhov kev tawm tsam tuaj yeem ua tiav los ntawm tus neeg siv tsis pom thiab tsis xav kom nws ua ib yam dab tsi.
Qhov seem 14 qhov tsis zoo muaj qhov qis qis dua, vim tias qhov kev tawm tsam yuav tsum tau nkag mus rau cov txheej txheem ntawm tus neeg siv xov tooj ntawm tes lossis hauv zos nkag mus rau tus neeg siv lub cuab yeej. Nrog rau qhov tshwj xeeb ntawm CVE-2023-24033 qhov tsis zoo, kev txhim kho uas tau thov hauv lub Peb Hlis firmware hloov tshiab rau Google Pixel li, cov teeb meem tseem tsis tau kho. Qhov tsuas yog paub txog qhov tsis zoo ntawm CVE-2023-24033 yog tias nws yog tshwm sim los ntawm kev kuaj xyuas tsis raug ntawm hom "tau txais hom" tus cwj pwm xa hauv SDP (Session Description Protocol) cov lus.
Txog thaum cov chaw tsim khoom raug kho, cov neeg siv tau pom zoo kom lov tes taw VoLTE (Voice-over-LTE) kev txhawb nqa thiab kev hu xov tooj ntawm Wi-Fi hauv qhov chaw. Vulnerabilities manifest lawv tus kheej hauv cov khoom nruab nrog Exynos chips, piv txwv li, hauv Samsung smartphones (S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 thiab A04), Vivo (S16, S15, S6, X70, X60 thiab X30), Google Pixel (6 thiab 7), nrog rau cov khoom siv coj los siv tau raws li Exynos W920 chipset thiab automotive systems nrog Exynos Auto T5123 nti.
Vim muaj kev txaus ntshai ntawm qhov tsis zoo thiab qhov tseeb ntawm qhov tshwm sim sai ntawm kev siv dag zog, Google tau txiav txim siab ua qhov kev zam rau 4 qhov teeb meem txaus ntshai tshaj plaws thiab ncua kev nthuav tawm cov ntaub ntawv hais txog qhov xwm txheej ntawm cov teeb meem. Rau qhov seem ntawm qhov tsis zoo, cov ntsiab lus nthuav tawm yuav ua raws li 90 hnub tom qab cov chaw tsim khoom tau ceeb toom (cov ntaub ntawv hais txog qhov tsis zoo CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075 thiab CVE -2023-26076 twb muaj nyob rau hauv kab laum taug qab qhov system, thiab rau qhov seem 9 qhov teeb meem, 90-hnub tos tseem tsis tau tas sijhawm). Cov ntaub ntawv tshaj tawm qhov tsis zoo CVE-2023-2607* yog tshwm sim los ntawm qhov tsis txaus thaum txiav txim siab qee yam kev xaiv thiab cov npe hauv NrmmMsgCodec thiab NrSmPcoCodec codecs.
Tau qhov twg los: opennet.ru