Vulnerability in Samsung Android firmware exploitable by sending an MMS

A vulnerability (CVE-2020-8899) has been found in the Qmage image processor that ships in Samsung Android firmware and is built into the Skia graphics rendering system. It allows code execution when images in the QM and QG (".qmg") formats are processed in any application. The attack requires no action from the user; in the simplest case, it is enough to send the victim an MMS, an email or a chat message containing a specially crafted image.

The problem is believed to have been present since 2014, starting with firmware based on Android 4.4.4, which added changes to handle the additional image formats QM, QG, ASTC and PIO (a PNG variant). The vulnerability was fixed in the Samsung firmware updates released on May 6th. The main Android platform and firmware from other manufacturers are not affected by the problem.

The problem was found during fuzz testing by a Google engineer, who demonstrated that the vulnerability is not limited to crashes and prepared a working exploit prototype that bypasses ASLR protection and launches the calculator by sending a series of MMS messages to a Samsung Galaxy Note 10+ smartphone running Android 10.


In the example shown, successful exploitation took about 100 minutes of attack time and more than 120 sent messages. The exploit has two parts: in the first stage, to bypass ASLR, the base address of the libskia.so and libhwui.so libraries is determined, and in the second stage, remote access to the device is provided by launching a "reverse shell". Depending on the memory layout, determining the base address requires sending from 75 to 450 messages.

In addition, the May set of security fixes for Android has been published, which fixes 39 vulnerabilities. Three issues have been assigned a critical severity level (details have not yet been disclosed):

  • CVE-2020-0096 is a local vulnerability that allows code execution when processing a specially crafted file;
  • CVE-2020-0103 is a remote vulnerability in the system that allows code execution when processing specially crafted external data;
  • CVE-2020-3641 is a vulnerability in Qualcomm proprietary components.

Source: opennet.ru
