Zambiri zazovuta
(CVE-2019-3568) mu pulogalamu yam'manja ya WhatsApp, yomwe imakupatsani mwayi wogwiritsa ntchito nambala yanu potumiza foni yopangidwa mwapadera. Kuwukira kopambana, kuyankha kuyimba koyipa sikufunikira; Komabe, kuyimba koteroko nthawi zambiri sikumawoneka mu chipika choyimbira ndipo kuukirako kumatha kuzindikirika ndi wogwiritsa ntchito.
Chiwopsezocho sichikugwirizana ndi protocol ya Signal, koma imayamba chifukwa cha kusefukira kwa buffer pagulu la WhatsApp la VoIP. Vutoli litha kugwiritsidwa ntchito potumiza mapaketi opangidwa mwapadera a SRTCP ku chipangizo cha wozunzidwayo. Kusatetezeka kumakhudza WhatsApp ya Android (yokhazikika mu 2.19.134), WhatsApp Business for Android (yokhazikika mu 2.19.44), WhatsApp ya iOS (2.19.51), WhatsApp Business ya iOS (2.19.51), WhatsApp ya Windows Phone ( 2.18.348) ndi WhatsApp ya Tizen (2.18.15).
Chochititsa chidwi, mu chaka chatha WhatsApp ndi Facetime Project Zero zidawonetsa vuto lomwe limalola kuti mauthenga owongolera omwe amalumikizidwa ndi kuyimba kwa mawu atumizidwe ndikusinthidwa pasiteji wogwiritsa ntchito asanalandire kuyimba. WhatsApp idalimbikitsidwa kuti ichotse izi ndipo idawonetsedwa kuti poyesa kuyesa kovutirapo, kutumiza mauthenga otere kumabweretsa kuwonongeka kwa mapulogalamu, i.e. Ngakhale chaka chatha zidadziwika kuti pali zofooka zomwe zingatheke mu code.
Pambuyo pozindikira zoyambira zoyeserera pazida Lachisanu, akatswiri a Facebook adayamba kupanga njira yodzitetezera, Lamlungu adatseka chipika pamlingo wachitetezo cha seva pogwiritsa ntchito workaround, ndipo Lolemba adayamba kugawa zosintha zomwe zidakhazikitsa pulogalamu yamakasitomala. Sizikudziwikabe kuti ndi zida zingati zomwe zidawukiridwa pogwiritsa ntchito kusatetezeka. Malipoti okhawo omwe adanenedwa anali kuyesa kosatheka Lamlungu kusokoneza foni yamakono ya m'modzi mwa omenyera ufulu wachibadwidwe pogwiritsa ntchito njira yokumbutsa ukadaulo wa NSO Group, komanso kuyesa kuukira foni ya wantchito wa bungwe lomenyera ufulu wa anthu Amnesty International.
Vuto linali lopanda kulengeza mosafunikira Kampani ya Israeli ya NSO Group, yomwe inatha kugwiritsa ntchito chiopsezo choyika mapulogalamu aukazitape pa mafoni a m'manja kuti iwonetsedwe ndi mabungwe azamalamulo. NSO idati imayang'ana makasitomala mosamala kwambiri (imangogwira ntchito ndi mabungwe azamalamulo ndi anzeru) ndikufufuza madandaulo onse akuzunzidwa. Makamaka, kuyesa tsopano kwayambitsidwa okhudzana ndi zojambulidwa pa WhatsApp.
NSO imakana kutenga nawo mbali pazowukira zapadera ndikungofuna kupanga ukadaulo wa mabungwe azidziwitso, koma womenyera ufulu wachibadwidwe akufuna kutsimikizira kukhoti kuti kampaniyo imagawana udindo ndi makasitomala omwe amazunza mapulogalamu omwe amaperekedwa kwa iwo, ndikugulitsa zinthu zake kuzinthu zomwe zimadziwika. kuphwanya ufulu wa anthu.
Facebook idayambitsa kafukufuku wokhudzana ndi kuwonongeka kwa zida ndipo sabata yatha idagawana mwachinsinsi zotsatira zoyamba ndi Unduna wa Zachilungamo ku US, komanso adadziwitsa mabungwe angapo omenyera ufulu wachibadwidwe za vutoli kuti agwirizane ndi chidziwitso cha anthu (pali pafupifupi 1.5 biliyoni yoyika WhatsApp padziko lonse lapansi).
Source: opennet.ru