Cilmi-baarayaal ka socda kooxda Google ee Project Zero ayaa soo sheegay in la ogaaday 18 nugul oo ku jira modem-yada Samsung Exynos 5G/LTE/GSM. Afarta nugul ee ugu khatarta badan (CVE-2023-24033) waxay u oggolaanayaan fulinta koodhka heerka jajabka saldhigga iyada oo loo marayo wax ka beddelka shabakadaha internetka ee dibadda. Sida laga soo xigtay wakiillada Google Project Zero, iyadoo la sameeyay cilmi-baaris dheeraad ah, weeraryahanno xirfad leh ayaa si dhakhso ah u abuuri kara faa'iido shaqo oo u oggolaan doonta xakamaynta fog ee module-ka wireless-ka, iyagoo og lambarka taleefanka dhibbanaha oo keliya. Weerarka waxaa la fulin karaa iyada oo aan la ogaan oo uma baahna wax ficil ah oo isticmaale ah.
14-ka dayacan ee haray waxaa loo arkaa inay yihiin kuwo aad u hooseeya sababtoo ah weerarku wuxuu u baahan yahay marin u helidda kaabayaasha shirkadda moobaylka ama marin u helidda maxalliga ah ee qalabka isticmaalaha. Marka laga reebo nuglaanta CVE-2023-24033, oo ah hagaajin lagu sii daayay cusboonaysiinta firmware-ka Maarso ee aaladaha Google Pixel, dhibaatooyinka weli lama hagaajin. Macluumaadka kaliya ee la yaqaan ee ku saabsan CVE-2023-24033 ayaa ah inay sabab u tahay ansaxinta khaldan ee qaabka sifada "nooca aqbalka" ee lagu gudbiyo farriimaha SDP (Protocol-ka Sharaxaadda Kalfadhiga).
Ilaa inta ay soo saarayaashu hagaajinayaan nuglaanta, dadka isticmaala waxaa lagula talinayaa inay joojiyaan taageerada VoLTE (Voice-over-LTE) iyo wicitaanka Wi-Fi ee goobahooda. Nuglaanta waxay saameysaa aaladaha ku qalabaysan jajabyada Exynos, sida taleefannada casriga ah ee Samsung (S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, iyo A04), taleefannada casriga ah ee Vivo (S16, S15, S6, X70, X60, iyo X30), taleefannada casriga ah ee Google Pixel (6 iyo 7), iyo sidoo kale aaladaha la xiran karo ee leh jajabka Exynos W920 iyo nidaamyada baabuurta ee leh jajabka Exynos Auto T5123.
Sababtoo ah darnaanta nuglaanta iyo suurtagalnimada in si dhakhso ah loo soo bandhigo, Google waxay go'aansatay inay dib u dhigto shaacinta faahfaahinta afarta arrimood ee ugu daran siyaasadda. Nuglaanta harsan waxaa la sii deyn doonaa jadwalka sii deynta 90-maalmood ka dib marka la ogeysiiyo iibiyaha (macluumaadka ku saabsan CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, iyo CVE-2023-26076 ayaa horeyba looga heli karaa nidaamka dabagalka cayayaanka, 9-ka arrimood ee harsanna weli ma dhicin). Nuglaanta la xusay ee CVE-2023-2607* waxaa sababa qulqulka kaydka marka la kala saarayo xulashooyinka qaarkood iyo liisaska codecyada NrmmMsgCodec iyo NrSmPcoCodec.
Source: opennet.ru
