Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Chiwopsezo cha tchipisi cha Qualcomm chomwe chimalola kuwukira chida cha Android kudzera pa Wi-Fi

Chiwopsezo cha tchipisi cha Qualcomm chomwe chimalola kuwukira chida cha Android kudzera pa Wi-Fi

Mu Qualcomm's wireless chip stack kudziwika Zowopsa zitatu zoperekedwa pansi pa dzina la "QualPwn". Nkhani yoyamba (CVE-2019-10539) imalola zida za Android kuti ziwukidwe kutali kudzera pa Wi-Fi. Vuto lachiwiri likupezeka mu firmware yomwe ili ndi Qualcomm opanda zingwe ndipo imalola mwayi wopeza modemu ya baseband (CVE-2019-10540). Vuto lachitatu kupezeka mu driver wa icnss (CVE-2019-10538) ndikupangitsa kuti zitheke kukwaniritsa ma code ake pamlingo wa kernel wa nsanja ya Android. Ngati kuphatikiza kwa zovuta izi kugwiritsiridwa ntchito bwino, wowukirayo atha kuwongolera chida cha wogwiritsa ntchito pomwe Wi-Fi imagwira (chiwopsezocho chimafuna kuti wozunzidwayo ndi wowukirayo alumikizike pamanetiweki opanda zingwe).

Kuthekera kowukirako kudawonetsedwa kwa mafoni a Google Pixel2 ndi Pixel3. Ofufuza akuyerekeza kuti vutoli likhoza kukhudza zida zopitilira 835 zochokera ku Qualcomm Snapdragon 835 SoC ndi tchipisi tatsopano (kuyambira ndi Snapdragon 835, firmware ya WLAN idaphatikizidwa ndi kagawo kakang'ono ka modemu ndipo idayenda ngati pulogalamu yokhayokha mu malo ogwiritsa ntchito). Wolemba zoperekedwa Qualcomm, vutoli limakhudza tchipisi angapo osiyanasiyana.

Pakadali pano, zidziwitso zokhazokha zokhudzana ndi zovuta zomwe zilipo, komanso zambiri anakonza kuti ziwululidwe pa Ogasiti 8 pamsonkhano wa Black Hat. Qualcomm ndi Google adadziwitsidwa zamavuto mu Marichi ndipo adatulutsa kale zokonza (Qualcomm idadziwitsidwa zamavuto omwe ali mu Marichi. Lipoti la June, ndipo Google ili ndi zovuta zokhazikika Ogasiti Kusintha kwa nsanja ya Android). Onse ogwiritsa ntchito zida zochokera ku Qualcomm tchipisi akulimbikitsidwa kukhazikitsa zosintha zomwe zilipo.

Kuphatikiza pazovuta zokhudzana ndi tchipisi ta Qualcomm, kusinthidwa kwa Ogasiti papulatifomu ya Android kumachotsanso chiwopsezo chachikulu (CVE-2019-11516) mu Broadcom Bluetooth stack, yomwe imalola wowukira kuti agwiritse ntchito code yawo malinga ndi mwayi wamwayi. kutumiza pempho losamutsa deta lopangidwa mwapadera. Chiwopsezo (CVE-2019-2130) chathetsedwa m'zigawo zamakina a Android zomwe zitha kuloleza kugwiritsa ntchito ma code ndi mwayi wapamwamba pokonza mafayilo opangidwa mwapadera a PAC.

Source: opennet.ru

Kuwonjezera ndemanga