Check Point waxay aqoonsatay nuglaanta ALAC (Apple Lossless Audio Codec) qaab-samaynta maqalka ee ay bixiso MediaTek (CVE-2021-0674, CVE-2021-0675) iyo Qualcomm (CVE-2021-30351). Dhibaatadu waxay ogolaataa in koodka weerarka la fuliyo marka xogta si gaar ah loo habeeyey ee qaabka ALAC ah.
Khatarta nuglaanta waxaa sii xumeynaya xaqiiqda ah in ay saameyso aaladaha ku shaqeeya aaladaha Android ee ku qalabeysan MediaTek iyo Qualcomm chips. Natiijadu waxay tahay weerarka, weeraryahanku wuxuu abaabuli karaa fulinta malware-ka aaladda marin u leh isgaarsiinta isticmaalaha iyo xogta warbaahinta badan, oo ay ku jirto xogta kamarada. Waxaa lagu qiyaasaa in 2/3 ka mid ah dhammaan isticmaalayaasha taleefannada casriga ah ee ku saleysan aaladda Android ay saameyso dhibaatada. Tusaale ahaan, gudaha Mareykanka, wadarta guud ee dhammaan taleefannada casriga ah ee Android la iibiyay rubuci 4aad ee 2021 ee lagu soo raray MediaTek iyo Qualcomm chips waxay ahayd 95.1% (48.1% - MediaTek, 47% - Qualcomm).
Faahfaahinta ka faa'iidaysiga nuglaanta weli lama shaacin, laakiin waxaa la sheegay in qaybaha MediaTek iyo Qualcomm ee aaladda Android la dhajiyay Diseembar 2021. Warbixin la soo saaray bishii Disembar ee ku saabsan dayacanka aaladda Android ayaa lagu aqoonsaday arrimuhu inay yihiin baylahda muhiimka ah ee qaybaha lahaanshaha ee Qualcomm chips. Nuglaanta qaybaha MediaTek laguma xusin warbixinnada.
Nuglaanta waa mid xiiso leh sababtoo ah xididdada. 2011, Apple wuxuu furay koodhka isha ee codec ALAC, kaas oo u oggolaanaya isku-dubarid xogta maqalka iyada oo aan la lumin tayada, ee hoos timaada shatiga Apache 2.0, waxayna suurtogalisay in la isticmaalo dhammaan shatiyada la xidhiidha codec. Koodhkan waa la daabacay laakiin wuu ka tagay, lamana beddelin 11kii sano ee la soo dhaafay. Isla mar ahaantaana, Apple waxay sii waday inay si gooni ah u taageerto hirgelinta loo isticmaalo aaladeeda, oo ay ku jiraan baabi'inta khaladaadka iyo dayacanka ku jira. MediaTek iyo Qualcomm waxay ku salaysan yihiin fulinta codec-yada ALAC ee asalka u ah koodhka isha furan ee Apple, laakiin kuma darin baylahaanshaha wax looga qabanayo hirgelinta Apple ee balastarkooda.
Weli ma jiro wax macluumaad ah oo ku saabsan nuglaanta ku jirta koodka alaabada kale ee isticmaala koodka ALAC ee duugoobay. Tusaale ahaan, qaabka ALAC waa la taageeray ilaa FFmpeg 1.1, laakiin koodka leh hirgelinta codeeriyaha si firfircoon ayaa loo ilaaliyaa.
Source: opennet.ru