Ruzivo nezve zvakakosha
(CVE-2019-3568) muWhatsApp nharembozha, iyo inokutendera kuti uite kodhi yako nekutumira yakanyatsogadzirirwa kufona kwezwi. Kuti ubudirire kurwiswa, mhinduro kunhare yakaipa haidiwe; kufona kwakaringana. Nekudaro, kufona kwakadaro kazhinji hakuratidzike mugwaro rekufona uye kurwiswa kunogona kuenda kusingaonekwe nemushandisi.
Kusagadzikana hakunei neSignal protocol, asi kunokonzerwa nekuwanda kwebuffer muWhatsApp-yakananga VoIP stack. Dambudziko rinogona kushandiswa nekutumira yakanyatsogadzirirwa akatevedzana eSRTCP mapaketi kune mudziyo weakabatwa. Kusagadzikana kunokanganisa WhatsApp yeApple (yakagadziriswa 2.19.134), WhatsApp Bhizinesi reAroid (yakagadziriswa muna 2.19.44), WhatsApp yeIOS (2.19.51), WhatsApp Bhizinesi reIOS (2.19.51), WhatsApp yeWindows Foni ( 2.18.348) uye WhatsApp yeTizen (2.18.15).
Sezvineiwo, mugore rapfuura WhatsApp neFacetime Project Zero yakakwevera kutarisa kune chikanganiso chinobvumira mameseji ekudzora ane chekuita nezwi rekufona kuti atumirwe uye agadziriswe pachinhanho mushandisi asati agamuchira kufona. WhatsApp yakakurudzirwa kuti ibvise chimiro ichi uye yakaratidzwa kuti kana uchiita bvunzo inotyisa, kutumira mameseji akadaro kunotungamira kuputsika kweapp, i.e. Kunyangwe gore rapfuura zvaizivikanwa kuti pane zvingangove zvisizvo mukodhi.
Mushure mekuzivisa ekutanga maratidziro ekukanganisa kwechishandiso neChishanu, mainjiniya eFacebook akatanga kugadzira nzira yekudzivirira, nemusi weSvondo vakavharira buri padanho rekuvakira server vachishandisa workaround, uye nemusi weMuvhuro vakatanga kugovera dhizaini yakagadzirisa software yemutengi. Hazvisati zvanyatsojeka kuti maturusi mangani akarwiswa pachishandiswa vulnerability. Kuedza chete kusina kubudirira kwakashumwa musi weSvondo kukanganisa smartphone yemumwe wevanorwira kodzero dzevanhu vachishandisa nzira inoyeuchidza teknolojia yeNSO Group, pamwe nekuedza kurwisa smartphone yemushandi wesangano rekodzero dzevanhu Amnesty International.
Dambudziko rakanga riri pasina kushambadza zvisina basa Kambani yeIsrael NSO Group, iyo yakakwanisa kushandisa kusagadzikana kuisa spyware pama smartphones kuti ipe kuongororwa nevemutemo. NSO yakati inoongorora vatengi nekuchenjera (inongoshanda nevemutemo nevehungwaru masangano) uye inoongorora zvichemo zvese zvekushungurudzwa. Kunyanya, muyedzo ikozvino wakatangwa une chekuita neakarekodhwa kurwiswa paWhatsApp.
NSO inoramba kupindira mukurwiswa chaiko uye ichiti chete kuvandudza tekinoroji yemasangano ehungwaru, asi murwiri wekodzero dzevanhu anoda kuratidza mudare kuti kambani inogovana mutoro nevatengi vanoshungurudza software yavanenge vapihwa, uye kutengesa zvigadzirwa zvayo kumasevhisi anozivikanwa. kutyorwa kwekodzero dzavo.
Facebook yakatanga kuferefeta pamusoro pekugona kukanganisa kwemidziyo uye svondo rapfuura yakagovana mhedzisiro yekutanga neUS Dhipatimendi reJustice, uye yakazivisawo masangano akati wandei ekodzero dzevanhu nezve dambudziko rekubatanidza ruzivo rweveruzhinji (kune mabhiriyoni 1.5 ekuisa WhatsApp pasi rese).
Source: opennet.ru