Ka Hlakola Android platform bothata bo ile ba lokisa (CVE-2020-0022) ka har'a stack ea Bluetooth, e lumellang ts'ebetso ea khoutu e hole ka ho romella pakete e entsoeng ka mokhoa o ikhethileng oa Bluetooth. Bothata bo ka se lemohuoe ke mohlaseli ka har'a sebaka sa Bluetooth. Ho ka etsahala hore ts'oaetso e ka sebelisoa ho theha liboko tse tšoaetsang lisebelisoa tsa boahelani ka ketane.
Bakeng sa tlhaselo, ho lekane ho tseba aterese ea MAC ea sesebelisoa sa motho ea hlokofalitsoeng (ho kopanya esale pele ha ho hlokahale, empa Bluetooth e tlameha ho buloa sesebelisoa). Lisebelisoa tse ling, aterese ea Bluetooth MAC e ka baloa ho latela aterese ea Wi-Fi MAC. Haeba ts'oaetso e sebelisoa ka katleho, mohlaseli a ka sebelisa khoutu ea hae ka litokelo tsa ts'ebetso ea morao-rao e hokahanyang ts'ebetso ea Bluetooth ho Android.
Bothata bo tobane le stack ea Bluetooth e sebelisoang ho Android (e ipapisitse le khoutu e tsoang ho projeke ea BlueDroid e tsoang ho Broadcom) mme ha e hlahe sepakapakeng sa BlueZ se sebelisoang Linux.
Bafuputsi ba hlokometseng bothata ba ile ba khona ho lokisa mohlala o sebetsang oa tlatlapo, empa lintlha tsa tlhekefetso li tla ba teng. hamorao, ka mor'a hore tokiso e fetisetsoe ho basebelisi ba bangata. Hoa tsebahala feela hore ts'oaetso e teng ka khoutu ea ho tsosolosa liphutheloana le palo e fosahetseng ea boholo ba lipakete tsa L2CAP (Logical link control and adaptation protocol) lipakete, haeba data e fetisitsoeng ke motho ea romelang e feta boholo bo lebelletsoeng.
Ho Android 8 le 9, bothata bo ka lebisa ts'ebetsong ea khoutu, empa ho Android 10 e lekanyelitsoe ho senyeha ha ts'ebetso ea morao-rao ea Bluetooth. Litokollo tsa khale tsa Android li kanna tsa angoa ke bothata bona, empa ts'ebeliso ea ts'oaetso ha e so lekoe. Basebelisi ba eletsoa ho kenya apdeite ea firmware kapele kamoo ho ka khonehang, 'me haeba sena se sa khonehe, tima Bluetooth ka mokhoa o ikhethileng, thibela ho sibolloa ha sesebelisoa,' me u kenye Bluetooth libakeng tsa sechaba ha feela ho hlokahala (ho kenyeletsoa ho nkela li-headphone tse se nang mohala sebaka ka tse nang le mehala).
Ho phaella ho bothata bo boletsoe ka Sehlopha sa litokiso tsa ts'ireletso bakeng sa Android se felisitse bofokoli ba 26, moo bofokoli bo bong (CVE-2020-0023) bo abetsoeng boemo bo boima ba kotsi. Bofokoli ba bobeli bo boetse bo teng Bluetooth stack mme e amahanngoa le ts'ebetso e fosahetseng ea tokelo ea BLUETOOTH_PRIVILEGED ho setPhonebookAccessPermission. Mabapi le bofokoli bo tšoailoeng e le kotsi e kholo, litaba tse 7 li ile tsa rarolloa ka meralo le lits'ebetso, tse 4 ho likarolo tsa sistimi, 2 kernel, le 10 mohloling o bulehileng le likarolo tsa thepa bakeng sa li-chips tsa Qualcomm.
Source: opennet.ru