Pwnie Awards 2021: The Most Significant Security Vulnerabilities and Failures

The winners of the annual Pwnie Awards 2021 have been determined, highlighting the most significant vulnerabilities and the most absurd failures in the field of computer security. The Pwnie Awards are regarded as the computer-security equivalent of the Oscars and the Golden Raspberry.

Main winners (list of nominations):

  • Best privilege escalation vulnerability. The award went to Qualys for identifying the vulnerability CVE-2021-3156 in the sudo utility, which allows obtaining root privileges. The vulnerability had been present in the code for about ten years and is notable because a thorough analysis of the utility's logic was required to find it.
  • Best Server Bug. Awarded for identifying and exploiting the most technically complex and interesting bug in a network service. The award went for the discovery of a new attack vector against Microsoft Exchange. Information about not all vulnerabilities of this class has been published, but details have already been released about the vulnerability CVE-2021-26855 (ProxyLogon), which allows extracting data from an arbitrary user without authentication, and CVE-2021-27065, which makes it possible to execute your own code on the server with administrator rights.
  • Best cryptographic attack. Awarded for identifying the most significant flaws in real systems, protocols, and encryption algorithms. The award went to Microsoft for the vulnerability (CVE-2020-0601) in its implementation of elliptic curve digital signatures, which makes it possible to generate private keys from public keys. The problem allowed the creation of fake TLS certificates for HTTPS and fake digital signatures, which Windows verified as trusted.
  • Best research. The award went to the researchers who proposed the BlindSide method for bypassing Address Space Layout Randomization (ASLR) protection by exploiting side-channel leaks caused by the processor's speculative execution of instructions.
  • Most Epic FAIL. The award went to Microsoft for the repeatedly broken fix for the PrintNightmare (CVE-2021-34527) vulnerability in the Windows printing system, which allows executing your own code. Initially, Microsoft classified the problem as local, but it then turned out that the attack could be carried out remotely. Microsoft then released fixes as many as four times, but each fix closed only a particular case, and researchers found a new way to carry out the attack.
  • Best bug in client software. The winner was the researcher who found the vulnerability CVE-2020-28341 in Samsung's secure crypto processors, which hold the CC EAL 5+ security certificate. The vulnerability made it possible to bypass the protection completely, gain code execution on the chip and access to the data stored in the enclave, bypass the screen lock, and also modify the firmware to create a hidden backdoor.
  • Most underrated vulnerability. The award went to Qualys for identifying the 21Nails series of vulnerabilities in the Exim mail server, ten of which can be exploited remotely. The Exim developers were skeptical about the exploitability of the problems and spent more than 10 months preparing fixes.
  • Lamest Vendor Response. The nomination for the most inadequate response to a vulnerability report in your own product. The winner was Cellebrite, a company that builds forensic analysis and data mining applications for law enforcement. Cellebrite responded inadequately to the vulnerability report sent by Moxie Marlinspike, author of the Signal protocol. Moxie took an interest in Cellebrite after a news article about the creation of a technology that allegedly allowed hacking encrypted Signal messages, which turned out to be false because of a misinterpretation of information in an article on Cellebrite's website, which was subsequently removed (the "attack" required physical access to the phone and the ability to unlock the screen, i.e. it boiled down to viewing messages in the messenger, not manually but using a special application that simulates user actions).

    Moxie studied the Cellebrite applications and found critical vulnerabilities that allowed arbitrary code execution when attempting to analyze specially crafted data. The Cellebrite application was also found to be using an outdated ffmpeg library that had not been updated for 9 years and contained a large number of vulnerabilities. Instead of acknowledging and fixing the problems, Cellebrite issued a statement saying that it cares about the integrity of user data, maintains the security of its products at the appropriate level, releases regular updates and provides the best applications of their kind.

  • Greatest achievement. The award went to Ilfak Guilfanov, author of the IDA disassembler and the Hex-Rays decompiler, for his contribution to the development of tools for security researchers and for keeping the product up to date for thirty years.

Source: opennet.ru
