Password stealer in Avira Free Antivirus

What if I told you that the sole job of one component of an antivirus product, a component carrying a trusted digital signature, is to collect all the credentials stored in popular Internet browsers? And what if I said that it does not matter in whose interest it collects them? You would probably think I am delusional. Let's see how things really stand.

Digging in

There is a long-established antivirus company called Avira GmbH & Co. KG. It makes a range of information security products. There are even free products for home use.

Let's install the free version and see what our German colleagues' product can do. We look over the interface: nothing unusual. We find no mention of another of the company's products, Avira Password Manager.

Let's look at a component with the unassuming name "Avira.PWM.NativeMessaging.exe". It is written for the .NET platform and is not obfuscated in any way, so we load it into dnSpy and are free to study the program code.

The program is a console application and expects commands on the standard input stream. The main function uses "Read" to read data from the stream, checks the format and passes the command to the "ProcessMessage" function. That function, in turn, checks that the command passed is "fetchChromePasswords" or "fetchCredentials" (though what difference does it make if the behavior is the same?) and then the interesting part begins: a call to the function "RetrieveBrowserCredentials". This is getting interesting... what could a function with that name do?

Nothing unusual: it simply gathers into one list all of the user's accounts saved while using the Internet browsers "Chrome", "Opera" (Chromium-based), "Firefox" and "Edge" (Chromium-based), and returns the data as a JSON object.

Well, and then it prints the collected data to the console.

Characteristics of the problem

  • The component collects user credentials;
  • The component does not verify the calling program (for example, by the presence of a digital signature from the vendor itself);
  • The component has a "trusted" digital signature and does not raise suspicion among other antivirus vendors;
  • The component runs as a standalone application.

IoC

SHA1: 13c95241e671b98342dba51741fd02621768ecd5.

CVE-2020-12680 was assigned to this issue.
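A defender-side check built from the points above, added here as an example and not taken from the original article or from Avira: it triages process-creation events for the component, matching by file name or by the SHA1 listed under IoC, and flags launches that do not descend from a browser. The event field names, the sample events and paths, and the allowance for a `cmd.exe` hop between browser and host are assumptions.

```python
import ntpath

HOST_IMAGE = "avira.pwm.nativemessaging.exe"
IOC_SHA1 = "13c95241e671b98342dba51741fd02621768ecd5"  # from the IoC section
BROWSERS = {"chrome.exe", "opera.exe", "firefox.exe", "msedge.exe"}
SHELLS = {"cmd.exe"}  # assumption: a browser may start the host through cmd.exe

def _name(path):
    """Lower-cased file name of a Windows path (empty string if missing)."""
    return ntpath.basename(path or "").lower()

def launched_by_browser(event):
    """True if the parent, or the grandparent behind a shell hop, is a browser."""
    parent = _name(event.get("parent_image"))
    grandparent = _name(event.get("grandparent_image"))
    return parent in BROWSERS or (parent in SHELLS and grandparent in BROWSERS)

def triage(events):
    """Return (event, reasons) for suspicious launches of the component."""
    findings = []
    for ev in events:
        by_name = _name(ev.get("image")) == HOST_IMAGE
        by_hash = (ev.get("sha1") or "").lower() == IOC_SHA1
        if not (by_name or by_hash):
            continue  # unrelated process
        reasons = []
        if by_hash and not by_name:
            reasons.append("IoC hash under a different file name")
        if not launched_by_browser(ev):
            reasons.append("not started by a browser")
        if reasons:
            findings.append((ev, reasons))
    return findings

# Constructed sample events; paths and field names are hypothetical.
HOST = r"C:\example\Avira.PWM.NativeMessaging.exe"
SAMPLE_EVENTS = [
    {"image": HOST, "sha1": IOC_SHA1,
     "parent_image": r"C:\Windows\System32\cmd.exe", "grandparent_image": r"C:\example\chrome.exe"},
    {"image": HOST, "sha1": IOC_SHA1,
     "parent_image": r"C:\example\powershell.exe", "grandparent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\example\Temp\helper.exe", "sha1": IOC_SHA1.upper(),
     "parent_image": r"C:\example\wscript.exe", "grandparent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\notepad.exe", "sha1": "0" * 40, "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for ev, reasons in triage(SAMPLE_EVENTS):
        print(ev["image"], "<-", ev["parent_image"], ":", "; ".join(reasons))
```

The hash match only covers the one build listed under IoC, so the file-name and ancestry checks are what catch other versions of the component.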

On 07.04.2020 I sent an email about this problem to [email protected] and [email protected] with a full description. There were no replies, including from automated systems. A month later, the described component is still being distributed in the Avira Free Antivirus distribution.

Source: www.habr.com
