Vulnerability in Samsung Android firmware exploitable by sending an MMS

A vulnerability (CVE-2020-8899) has been identified in the Qmage image processor that ships in Samsung Android firmware and is built into the Skia graphics rendering system. It allows code execution when images in the QM and QG (".qmg") formats are processed in any application. The attack requires no action from the user; in the simplest case, it is enough to send the victim an MMS, email, or chat message containing a specially crafted image.

The problem is believed to have been present since 2014, starting with firmware based on Android 4.4.4, which added changes to handle the additional QM, QG, ASTC and PIO (a PNG variant) image formats. The vulnerability was fixed in the Samsung firmware updates released on May 6. The main Android platform and firmware from other manufacturers are not affected by the problem.

The problem was found during fuzz testing by an engineer from Google, who also showed that the vulnerability is not limited to crashes and prepared a working exploit prototype that bypasses ASLR protection and launches the calculator by sending a series of MMS messages to a Samsung Galaxy Note 10+ smartphone running the Android 10 platform.


In the demonstrated example, successful exploitation required about 100 minutes of attack time and the sending of more than 120 messages. The exploit consists of two stages: in the first, to bypass ASLR, the base address of the libskia.so and libhwui.so libraries is determined, and in the second, remote access to the device is provided by launching a "reverse shell". Depending on the memory layout, determining the base address requires sending from 120 to 75 messages.

Additionally, one can note the publication of the May set of security fixes for Android, which fixed 39 vulnerabilities. Three issues were assigned a critical severity level (details have not yet been disclosed):

  • CVE-2020-0096 is a local vulnerability that allows code execution when processing a specially crafted file;
  • CVE-2020-0103 is a remote vulnerability in the system that allows code execution when processing specially crafted external data;
  • CVE-2020-3641 is a vulnerability in Qualcomm proprietary components.

Source: opennet.ru
