Lintlha tse mabapi le bohlokoa
(CVE-2019-3568) ts'ebelisong ea mehala ea WhatsApp, e u lumellang hore u phethe khoutu ea hau ka ho romella mohala oa lentsoe o hlophisitsoeng ka mokhoa o ikhethileng. Bakeng sa tlhaselo e atlehileng, karabelo ea mohala o lonya ha e hlokehe; mohala o lekane. Leha ho le joalo, mohala o joalo hangata ha o hlahe lethathamong la mehala mme tlhaselo e kanna ea se ke ea hlokomeloa ke mosebelisi.
Kotsi ha e amane le protocol ea Signal, empa e bakoa ke ho tlala ha "buffer" ho setaki se ikhethileng sa WhatsApp sa VoIP. Bothata bo ka sebelisoa hampe ka ho romela letoto le entsoeng ka ho khetheha la lipakete tsa SRTCP sesebelisoa sa mohlaseluoa. Ho ba kotsing ho ama WhatsApp bakeng sa Android (e behiloe ho 2.19.134), WhatsApp Business for Android (e behiloe ho 2.19.44), WhatsApp bakeng sa iOS (2.19.51), WhatsApp Business bakeng sa iOS (2.19.51), WhatsApp bakeng sa Windows Phone ( 2.18.348) le WhatsApp bakeng sa Tizen (2.18.15).
Ho khahlisang, selemong se fetileng WhatsApp le Facetime Project Zero li ile tsa lebisa tlhokomelo ho bofokoli bo lumellang melaetsa ea taolo e amanang le mohala oa lentsoe ho romelloa le ho sebetsoa sethaleng pele mosebelisi a amohela mohala. WhatsApp e ile ea khothaletsoa ho tlosa tšobotsi ena 'me ea bontšoa hore ha ho etsoa tlhahlobo ea fuzzing, ho romela melaetsa e joalo ho lebisa likotsing tsa kopo, ke hore. Le selemong se fetileng ho ne ho tsejoa hore ho na le bofokoli bo ka bang teng ka har'a khoutu.
Kamora ho tsebahatsa mesaletsa ea pele ea ho sekisetsa sesebelisoa ka Labohlano, baenjiniere ba Facebook ba ile ba qala ho theha mokhoa oa ts'ireletso, ka Sontaha ba ile ba koala sekheo sa boemo ba meaho ea seva ba sebelisa workaround, mme ka Mantaha ba qala ho tsamaisa ntjhafatso e lokiselitseng software ea bareki. Ha ho so hlake hore na ke lisebelisoa tse kae tse hlasetsoeng ho sebelisoa ts'oaetso. Ke boiteko bo sa atleheng feela bo tlalehiloeng ka Sontaha ba ho sekisetsa smartphone ea e mong oa baitseki ba litokelo tsa botho ba sebelisa mokhoa o hopotsang theknoloji ea NSO Group, hammoho le boiteko ba ho hlasela smartphone ea mosebeletsi oa mokhatlo oa litokelo tsa botho Amnesty International.
Bothata e ne e le ntle le phatlalatso e sa hlokahaleng Khamphani ea Isiraele ea NSO Group, e ileng ea khona ho sebelisa bofokoli ho kenya spyware ho li-smartphones ho fana ka leihlo ke mekhatlo ea molao. NSO e re e hlahloba bareki ka hloko haholo (e sebetsa feela le mekhatlo ea ts'ebetsong ea molao le ea bohlale) mme e batlisisa litletlebo tsohle tsa tlhekefetso. Haholo-holo, ho se ho qaliloe teko e amanang le litlhaselo tse rekotiloeng ho WhatsApp.
NSO e hana ho kenya letsoho litlhaselong tse itseng mme e bolela feela ho nts'etsapele thekenoloji bakeng sa mekhatlo ea bohlale, empa mohanyetsi oa litokelo tsa botho o ikemiselitse ho paka ka lekhotleng hore k'hamphani e arolelana boikarabello le bareki ba sebelisang hampe software eo ba e filoeng, mme ba rekisitse lihlahisoa tsa bona lits'ebeletso tse tsebahalang. ditokelo tsa bona tsa botho.
Facebook e qalile lipatlisiso mabapi le ho sekisetsa ho ka bang teng ha lisebelisoa mme bekeng e fetileng e ile ea arolelana liphetho tsa pele ka lekunutu le Lefapha la Toka la United States, hape e tsebisitse mekhatlo e mengata ea litokelo tsa botho ka bothata ba ho hokahanya tlhokomeliso ea sechaba (ho na le lits'ebetso tsa WhatsApp tse ka bang limilione tse likete tse 1.5 lefatšeng ka bophara).
Source: opennet.ru