Vulnerability in Samsung Android firmware exploited by sending MMS

The Qmage image handler shipped in Samsung Android firmware, which is built into the Skia graphics rendering system, contains a vulnerability (CVE-2020-8899) that allows code execution when images in the QM and QG formats (".qmg") are processed in any application. The attack requires no action from the user; in the simplest case it is enough to send the victim an MMS, an email, or a chat message containing a specially crafted image.

The problem is believed to have been present since 2014, starting with firmware based on Android 4.4.4, which added changes to support the additional image formats QM, QG, ASTC and PIO (a PNG variant). The vulnerability is fixed in the Samsung firmware updates released on May 6. The main Android platform and firmware from other manufacturers are not affected by the problem.

The problem was found during fuzz testing by a Google engineer, who also demonstrated that the vulnerability is not limited to crashes and prepared a working exploit prototype that bypasses ASLR protection and launches the calculator by sending a series of MMS messages to a Samsung Galaxy Note 10+ smartphone running Android 10.


In the example shown, successful exploitation took approximately 100 minutes of attack time and more than 120 messages. The exploit consists of two stages: in the first stage, to bypass ASLR, the base address in the libskia.so and libhwui.so libraries is determined, and in the second stage, access to the device is provided by launching a "reverse shell". Depending on the memory layout, determining the base address requires sending from 75 to 450 messages.

In addition, we can note the publication of the May set of Android security fixes, which fixed 39 vulnerabilities. Three issues have been assigned a critical severity level (details have not yet been disclosed):

  • CVE-2020-0096 is a local vulnerability that allows code execution when processing a specially crafted file;
  • CVE-2020-0103 is a remote vulnerability in the system that allows code execution when processing specially crafted data;
  • CVE-2020-3641 is a vulnerability in proprietary Qualcomm components.

Source: opennet.ru
