Check Point yazindikira chiwopsezo mu ALAC (Apple Lossless Audio Codec) ma audio compression decoder operekedwa ndi MediaTek (CVE-2021-0674, CVE-2021-0675) ndi Qualcomm (CVE-2021-30351). Vutoli limalola kuti code yowukirayo ichitike mukakonza ma data opangidwa mwapadera mumtundu wa ALAC.
Kuopsa kwa chiwopsezo kumakulitsidwa chifukwa kumakhudza zida zomwe zikuyenda papulatifomu ya Android yokhala ndi tchipisi ta MediaTek ndi Qualcomm. Chifukwa cha chiwonongekocho, wowukirayo amatha kukonza kuphedwa kwa pulogalamu yaumbanda pa chipangizo chomwe chili ndi mwayi wolumikizana ndi ogwiritsa ntchito ndi ma multimedia data, kuphatikiza data kuchokera ku kamera. Akuti 2/3 mwa onse ogwiritsa ntchito mafoni a m'manja pogwiritsa ntchito nsanja ya Android amakhudzidwa ndi vutoli. Mwachitsanzo, ku US, gawo lonse la mafoni onse a Android omwe adagulitsidwa mu gawo lachinayi la 4 omwe adatumizidwa ndi MediaTek ndi Qualcomm chips anali 2021% (95.1% - MediaTek, 48.1% - Qualcomm).
Tsatanetsatane wakugwiritsa ntchito pachiwopsezochi sizinafotokozedwe, koma akuti zida za MediaTek ndi Qualcomm papulatifomu ya Android zidasinthidwa mu Disembala 2021. Lipoti la Disembala lokhudza kusatetezeka papulatifomu ya Android lidazindikira zovutazo ngati kusatetezeka kwambiri pazinthu za eni ake a tchipisi ta Qualcomm. Kuwopsa kwa zigawo za MediaTek sikunatchulidwe m'malipoti.
Kusatetezeka kumakhala kosangalatsa chifukwa cha mizu yake. Mu 2011, Apple inatsegula codec codec ya ALAC codec, yomwe imalola kukakamiza kwa deta popanda kutaya khalidwe, pansi pa chilolezo cha Apache 2.0, ndikupangitsa kuti zitheke kugwiritsa ntchito ma patent onse okhudzana ndi codec. Khodiyo idasindikizidwa koma idasiyidwa yosasungidwa ndipo sinasinthidwe kwazaka 11 zapitazi. Nthawi yomweyo, Apple idapitilizabe kuthandizira payokha kukhazikitsa komwe kumagwiritsidwa ntchito pamapulatifomu ake, kuphatikiza kuchotsa zolakwika ndi zofooka momwemo. MediaTek ndi Qualcomm adakhazikitsa ma codec awo a ALAC pamakhodi otseguka a Apple, koma sanaphatikizepo zovuta zomwe Apple adakhazikitsa pakukhazikitsa kwawo.
Palibe chidziwitso chokhudza kusatetezeka kwazinthu zina zomwe zimagwiritsanso ntchito nambala yakale ya ALAC. Mwachitsanzo, mawonekedwe a ALAC athandizidwa kuyambira FFmpeg 1.1, koma code yokhala ndi decoder kukhazikitsa imasungidwa mwachangu.
Source: opennet.ru