Gudaha Qualcomm's chip-ka bilaa-waayirka ah saddex baylahda oo lagu soo bandhigay magaca koodka "QualPwn". Arrinta koowaad (CVE-2019-10539) waxay ogolaataa aaladaha Android in meel fog laga soo weeraro iyada oo loo marayo Wi-Fi. Dhibaatada labaad waxay ku jirtaa firmware-ka lahaanshaha leh ee leh xirmooyinka wireless-ka ee Qualcomm waxayna u oggolaaneysaa gelitaanka modem-ka baseband (CVE-2019-10540). Dhibka saddexaad Dareewalka icnss (CVE-2019-10538) oo ka dhigaya suurtogalnimada in lagu gaaro fulinta koodka heerka kernel ee goobta Android. Haddii isku darka jilicsanaantan si guul leh looga faa'iidaysto, weeraryahanku wuxuu meel fog ka heli karaa kantaroolka aaladda isticmaale ee Wi-Figu ku shaqeeyo (weerarku wuxuu u baahan yahay in dhibbanaha iyo weeraryahanku ku xidhmaan isla shabakad wireless).
Awoodda weerarka waxaa lagu muujiyay Google Pixel2 iyo Pixel3 casriga ah. Cilmi-baadhayaashu waxay qiyaaseen in dhibaatadu ay suurtogal tahay inay saamayso in ka badan 835 oo qalab oo ku salaysan Qualcomm Snapdragon 835 SoC iyo chips cusub (laga bilaabo Snapdragon 835, WLAN firmware waxaa lagu dhex daray nidaamka-hoosaadka modem wuxuuna u shaqeeyay sidii codsi go'doonsan booska isticmaalaha). By Qualcomm, dhibaatadu waxay saamaysaa dhowr iyo toban chips oo kala duwan.
Hadda, kaliya macluumaadka guud ee ku saabsan dayacanka ayaa la heli karaa, iyo faahfaahin in lagu soo bandhigo Agoosto 8 ee shirka Black Hat. Qualcomm iyo Google ayaa lagu wargeliyay dhibaatooyinka bishii Maarso waxayna horay u sii daayeen hagaajin (Qualcomm ayaa ka warbixisay dhibaatooyinka , Google-na waxa ay leedahay baylahda go'an Cusboonaysiinta madal Android). Dhammaan isticmaalayaasha aaladaha ku saleysan Qualcomm chips waxaa lagula talinayaa inay rakibaan cusbooneysiinta la heli karo.
Marka laga soo tago arrimaha la xiriira chips-ka Qualcomm, cusbooneysiinta Agoosto ee aaladda Android waxay sidoo kale meesha ka saaraysaa nuglaanta muhiimka ah (CVE-2019-11516) ee ku jirta xirmada Broadcom Bluetooth, taas oo u oggolaaneysa weeraryahan inuu fuliyo koodkiisa iyadoo la raacayo habka mudnaanta leh diraya codsi wareejinta xogta si gaar ah loo farsameeyey. Nuglaanta (CVE-2019-2130) ayaa lagu xalliyay qaybaha nidaamka Android taasoo u oggolaan karta fulinta kood oo leh mudnaanta sare marka la farsameynayo faylalka PAC ee sida gaarka ah loo farsameeyay.
Source: opennet.ru