Password theft in the free Avira antivirus software

What if I told you that the only function of one component of an antivirus product, a component that carries a trusted digital signature, is to collect all of your credentials stored in popular web browsers? What if I told you that it does not care on whose behalf it collects them? You would probably think I am delirious. Let's see how it really is.

Analysis

There is an antivirus company, alive and well, called Avira GmbH & Co. KG. It makes various products related to information security. There are even free products for home use.

Let's take an interest in the free version and see what our German colleagues' product can do. We peek at the interface: nothing unusual. We find no mention of another of the company's products, Avira Password Manager.

Let's look at the component with the unremarkable name "Avira.PWM.NativeMessaging.exe". It is compiled for the .NET platform and is not obfuscated in any way, so we drop it into dnSpy and freely study the program code.

The program is a console application and expects commands on the standard input stream. The main function, by means of "Read", reads data from the stream, checks the format and passes the command to the "Process" function. That function, in turn, checks that the command passed is "fetchChromePasswords" or "fetchCredentials" (although what difference does it make if the subsequent behaviour is identical?), and then the most interesting part begins: a call to the "Retrieve Browser Credentials" function. Now that is interesting... What could a function with that name do?


Nothing unusual: it simply gathers into one list all of the user's accounts that were saved while working with the web browsers "Chrome", "Opera" (Chromium-based), "Firefox" and "Edge" (Chromium-based), and returns the data as a JSON object.


Well, and then it prints the collected data to the console.


The essence of the problem

  • The component collects user credentials;
  • The component does not authenticate the calling program (for example, by checking whether it has a digital signature from the vendor itself);
  • The component has a "trusted" digital signature and does not arouse suspicion among other antivirus vendors;
  • The component runs as a separate application.

IoC

SHA1: 13c95241e671b98342dba51741fd02621768ecd5.

CVE-2020-12680 was issued for this problem.
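A defender can turn the second point of the list and the IoC above into a detection: flag any launch of the component that cannot be traced back to a browser. This is an added example, not code from the original article or from Avira; the event field names, the browser executable names, the cmd.exe wrapper allowance and the sample events are assumptions constructed for illustration.

```python
import ntpath

HOST_NAME = "avira.pwm.nativemessaging.exe"             # component named on the page
HOST_SHA1 = "13c95241e671b98342dba51741fd02621768ecd5"  # SHA1 listed under IoC
# Assumption: only the four browsers the page lists should ever start the host.
BROWSERS = {"chrome.exe", "opera.exe", "firefox.exe", "msedge.exe"}
# Assumption: a browser may start the host through a cmd.exe wrapper.
WRAPPERS = {"cmd.exe"}

def exe(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def is_host(ev):
    # Match on name or on hash, so a renamed copy is still recognised.
    return exe(ev["image"]) == HOST_NAME or ev.get("sha1", "").lower() == HOST_SHA1

def started_by_browser(ev, by_pid):
    """Walk up the parent chain, skipping at most two wrapper shells."""
    parent = by_pid.get(ev["ppid"])
    for _ in range(2):
        if parent is None or exe(parent["image"]) not in WRAPPERS:
            break
        parent = by_pid.get(parent["ppid"])
    return parent is not None and exe(parent["image"]) in BROWSERS

def suspicious_host_launches(events):
    """Return host launches whose caller cannot be traced to a browser."""
    by_pid = {ev["pid"]: ev for ev in events}  # ignores PID reuse for brevity
    return [ev for ev in events if is_host(ev) and not started_by_browser(ev, by_pid)]

# Constructed sample events: pid, parent pid, image path, optional SHA1.
D = "C:\\EXAMPLE\\"  # placeholder directory, not a real install path
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": D + "chrome.exe"},
    {"pid": 110, "ppid": 100, "image": D + "cmd.exe"},
    {"pid": 120, "ppid": 110, "image": D + "Avira.PWM.NativeMessaging.exe"},
    {"pid": 200, "ppid": 1, "image": D + "powershell.exe"},
    {"pid": 210, "ppid": 200, "image": D + "Avira.PWM.NativeMessaging.exe"},
    {"pid": 300, "ppid": 1, "image": D + "cmd.exe"},
    {"pid": 310, "ppid": 300, "image": D + "helper.exe", "sha1": HOST_SHA1},
    {"pid": 400, "ppid": 1, "image": D + "firefox.exe"},
    {"pid": 410, "ppid": 400, "image": D + "Avira.PWM.NativeMessaging.exe"},
]

if __name__ == "__main__":
    for ev in suspicious_host_launches(SAMPLE):
        print("ALERT pid=%d image=%s ppid=%d" % (ev["pid"], ev["image"], ev["ppid"]))
```

A launch whose parent event is missing from the data is also reported, since its caller cannot be verified.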

On 07.04.2020 I sent a letter about this problem to [email protected] and [email protected], with a full description. There were no replies, not even from automated systems. A month later, the described component is still being distributed as part of the Avira Free Antivirus distribution.

Source: www.habr.com
