ProHoster > Blog > litaba tsa inthanete > Ho ba kotsing ho li-chip tsa Qualcomm tse u lumellang ho hlasela sesebelisoa sa Android ka Wi-Fi

Ho ba kotsing ho li-chip tsa Qualcomm tse u lumellang ho hlasela sesebelisoa sa Android ka Wi-Fi

Ho Qualcomm's wireless chip stack tsebahatsoa likotsi tse tharo tse hlahisitsoeng tlasa lebitso la khoutu "QualPwn". Khatiso ea pele (CVE-2019-10539) e lumella lisebelisoa tsa Android hore li hlaseloe hole ka Wi-Fi. Bothata ba bobeli bo teng ho "firmware" e nang le "wireless stack" ea Qualcomm mme e lumella ho fihlella modem ea baseband (CVE-2019-10540). Bothata ba boraro teng ho mokhanni oa icnss (CVE-2019-10538) mme e etsa hore ho khonehe ho fihlela ts'ebetsong ea khoutu ea eona boemong ba kernel ea sethala sa Android. Haeba motsoako oa bofokoli bona o sebelisoa ka katleho, mohlaseli a ka khona ho laola sesebelisoa sa mosebelisi a le hole moo Wi-Fi e sebetsang ho sona (tlhaselo e hloka hore mohlaseluoa le mohlaseli ba hokahane le marang-rang a tšoanang a waelese).

Bokhoni ba tlhaselo bo bontšitsoe bakeng sa li-smartphones tsa Google Pixel2 le Pixel3. Bafuputsi ba hakanya hore bothata bo ka ama lisebelisoa tse fetang likete tse 835 tse thehiloeng ho Qualcomm Snapdragon 835 SoC le li-chips tse ncha (ho qala ka Snapdragon 835, firmware ea WLAN e ne e kopantsoe le subsystem ea modem mme e sebetsa e le sesebelisoa se ikhethileng sebakeng sa mosebelisi). Ka data Qualcomm, bothata bo ama li-chips tse 'maloa tse fapaneng.

Hajoale, ke lintlha tse akaretsang feela tse mabapi le bofokoli tse fumanehang, le lintlha reriloe e tla senoloa ka August 8 sebokeng sa Black Hat. Qualcomm le Google li ile tsa tsebisoa ka mathata ka Hlakubele mme li se li lokolotse litokiso (Qualcomm e tsebisitsoe ka mathata a teng June tlaleho, 'me Google e na le bofokoli bo tsitsitseng Phato Android platform update). Basebelisi bohle ba lisebelisoa tse thehiloeng ho li-chips tsa Qualcomm ba khothaletsoa ho kenya liapdeite tse fumanehang.

Ntle le litaba tse amanang le li-chips tsa Qualcomm, ntjhafatso ea Phato sethaleng sa Android e boetse e felisa ts'oenyeho e kholo (CVE-2019-11516) ho Broadcom Bluetooth stack, e lumellang mohlaseli hore a phethe khoutu ea bona molemong oa ts'ebetso e khethehileng. ho romella kopo ea phetisetso ea data e entsoeng ka mokhoa o ikhethileng. Kotsi (CVE-2019-2130) e rarollotsoe likarolong tsa sistimi ea Android e ka lumellang ts'ebetso ea khoutu ka litokelo tse phahameng ha o sebetsana le lifaele tsa PAC tse entsoeng ka mokhoa o ikhethileng.

Source: opennet.ru

Eketsa ka tlhaloso