Google will disclose vulnerabilities in third-party Android devices

Google has introduced the Android Partner Vulnerability Initiative, under which it plans to disclose information about vulnerabilities in Android devices from various OEM manufacturers. The initiative will make vulnerabilities that are specific to firmware carrying third-party manufacturers' modifications visible to users.

Until now, the official vulnerability reports (Android Security Bulletins) reflected only issues in the core code provided in the AOSP repository and did not take OEM-specific modifications into account. The issues already disclosed affect manufacturers such as ZTE, Meizu, Vivo, OPPO, Digitime, Transsion and Huawei.

Among the issues identified:

  • On Digitime devices, instead of checking additional permissions for access to the API of the OTA update installation service, a hard-coded password was used, which allowed an attacker to silently install APK packages and change application permissions.
  • In the alternative browser Phoenix, popular with some OEMs, the password manager was implemented as JavaScript code that runs in the context of every page. A site controlled by the attacker could gain full access to the user's password store, which was encrypted with the unreliable DES algorithm and a hard-coded key.
  • The System UI application on Meizu devices loaded additional code from the network without encryption and without verifying the connection. With control over the victim's HTTP traffic, the attacker could run their own code in the context of the application.
  • Vivo devices had a reworked checkUidPermission method of the PackageManagerService class that granted additional permissions to some applications even when those permissions were not specified in the manifest file. In one version, the method granted permissions to applications with the identifier com.google.uid.shared. In another version, package names were checked against a list in order to grant permissions.
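
The checkUidPermission change described in the last item can be modelled as a differential check. This is an added example in Java, not AOSP or vendor code: the app records, the package-name list and the audit helper are constructed for illustration, and it compares a manifest-only check with the modified one to list every grant that has no manifest backing.

```java
import java.util.*;

// Simplified model, not AOSP or vendor code. Names other than checkUidPermission
// and com.google.uid.shared are hypothetical; all sample data is constructed.
public class PermissionCheckModel {
    static final int PERMISSION_GRANTED = 0, PERMISSION_DENIED = -1;

    // One installed app: uid, package name, sharedUserId, permissions backed by its manifest.
    record App(int uid, String pkg, String sharedUserId, Set<String> granted) {}

    static final Map<Integer, App> APPS = new HashMap<>();
    // Constructed stand-in for the vendor's package-name list.
    static final Set<String> VENDOR_LIST = Set.of("com.example.vendor.helper");

    // Reference behaviour: the decision depends only on what was granted to the uid.
    static int checkUidPermission(String perm, int uid) {
        App app = APPS.get(uid);
        return app != null && app.granted().contains(perm) ? PERMISSION_GRANTED : PERMISSION_DENIED;
    }

    // Behaviour described in the article: identity strings short-circuit the check.
    static int checkUidPermissionModified(String perm, int uid) {
        App app = APPS.get(uid);
        if (app == null) return PERMISSION_DENIED;
        if ("com.google.uid.shared".equals(app.sharedUserId())) return PERMISSION_GRANTED;
        if (VENDOR_LIST.contains(app.pkg())) return PERMISSION_GRANTED;
        return checkUidPermission(perm, uid);
    }

    // Differential audit: every (app, permission) pair where the two checks disagree.
    static List<String> audit(Collection<String> probes) {
        List<String> findings = new ArrayList<>();
        for (App app : new TreeMap<>(APPS).values())
            for (String perm : probes)
                if (checkUidPermission(perm, app.uid()) != checkUidPermissionModified(perm, app.uid()))
                    findings.add(app.pkg() + " gets " + perm + " without a manifest grant");
        return findings;
    }

    public static void main(String[] args) {
        APPS.put(10001, new App(10001, "com.example.notes", null, Set.of("android.permission.INTERNET")));
        APPS.put(10002, new App(10002, "com.example.vendor.helper", null, Set.of()));
        APPS.put(10003, new App(10003, "com.example.sync", "com.google.uid.shared", Set.of()));
        audit(List.of("android.permission.INTERNET", "android.permission.READ_SMS"))
            .forEach(System.out::println);
    }
}
```

With the sample data, the app that declares its permission in the manifest produces no finding, while the listed package and the shared-UID app are each reported for both probed permissions.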

Source: opennet.ru
