ProHoster > Blog > wararka internetka > Nuglaanta gudaha Android- Qalabka Samsung firmware-ka, oo lagu shaqeeyo iyada oo loo marayo diritaanka MMS

Nuglaanta gudaha Android- Qalabka Samsung firmware-ka, oo lagu shaqeeyo iyada oo loo marayo diritaanka MMS

Gudaha la bixiyay Android- nuglaan ayaa laga helay firmware-ka Samsung ee ku jira processor-ka sawirka Qmage, kaas oo ku dhex jira nidaamka sawir-qaadista sawirada Skia nuglaanta (CVE-2020-8899), kaas oo u oggolaanaya fulinta code marka la farsameynayo sawirada QM iyo QG ("qmg") ee codsi kasta. Weerarku uma baahna ficil isticmaale; Xaaladda ugu fudud, waa ku filan inaad u dirto dhibbanaha MMS, iimaylka, ama fariinta wada sheekaysiga oo ka kooban sawir si gaar ah loo farsameeyay.

Dhibaatada waxaa la rumeysan yahay inay jirtay tan iyo 2014, iyadoo laga bilaabayo firmware-ka ku salaysan Android 4.4.4, oo ay ku jiraan isbeddello lagu taageerayo qaababka sawirka dheeraadka ah sida QM, QG, ASTC, iyo PIO (nooc ka mid ah PNG). meesha laga saaray в updates Firmware-ka Samsung ayaa la sii daayay Maajo 6-deedii. Madal ugu weyn Android iyo firmware-ka ka yimaada soosaarayaasha kale uma nugul yihiin dhibaatadan.

Arrintan waxaa lagu ogaaday intii lagu guda jiray tijaabinta fuzzing oo uu sameeyay injineer Google ah, kaasoo sidoo kale caddeeyay in nuglaanta aysan ku koobnayn shil oo uu diyaariyay qaab shaqeynaya oo ah faa'iido ka gudubta ilaalinta ASLR isla markaana bilaaba xisaabiyaha isagoo diraya farriimo MMS ah oo taxane ah taleefanka casriga ah ee Samsung Galaxy Note 10+ oo ku shaqeeya madal. Android 10.


Cayaar fiidiyow

Tusaalaha la soo bandhigay, ka faa'iidaysiga guusha leh wuxuu u baahday ku dhawaad ​​100 daqiiqo oo wakhtiga weerarka ah iyo in ka badan 120 fariimo oo la diray. Ka faa'iidaysigu wuxuu ka kooban yahay laba qaybood: marxaladda koowaad ayaa go'aamisa ciwaanka saldhigga ah ee libskia.so iyo libhwui.so maktabadaha si ay u dhaafaan ASLR, iyo marxaladda labaad waxay bixisaa meel fog oo qalab ah iyada oo la bilaabayo "qashin gadaal ah." Iyadoo ku xiran qaabka xusuusta, go'aaminta ciwaanka salku wuxuu u baahan yahay dirida inta u dhaxaysa 75 iyo 450 farriimaha.

Intaa waxaa dheer, waxaa lagu ogaan karaa daabacaadda Qoraallada amniga ayaa laga yaabaa inay hagaajiyaan Android, kaas oo 39 nugul lagu xalliyay. Saddex arrimood ayaa loo qoondeeyay heer halis ah (faahfaahinta weli lama shaacin):

  • CVE-2020-0096 - Nuglaansho maxalli ah oo u oggolaanaysa fulinta kood marka la farsameynayo faylka sida gaarka ah loo farsameeyay;
  • CVE-2020-0103 - Nuglaanshaha fog ee nidaamka u oggolaanaya fulinta kood marka la farsameynayo xogta dibadda ee si gaar ah loo sameeyay.
  • CVE-2020-3641 waa u nuglaanshaha qaybaha lahaanshaha ee Qualcomm.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster