I-Check Point ichonge ubuthathaka kwi-ALAC (i-Apple Lossless Audio Codec) i-audio compression decoders yefomathi enikezelwa yi-MediaTek (CVE-2021-0674, CVE-2021-0675) kunye ne-Qualcomm (CVE-2021-30351). Ingxaki ivumela ikhowudi yomhlaseli ukuba iqhutywe xa kusetyenzwa idatha efomathiweyo ngokukodwa kwifomathi ye-ALAC.
Ingozi yokuba sesichengeni yandiswa yinto yokuba ichaphazela izixhobo eziqhuba iqonga le-Android elixhotyiswe nge-MediaTek kunye ne-Qualcomm chips. Njengomphumo wokuhlaselwa, umhlaseli unokuququzelela ukuphunyezwa kwe-malware kwisixhobo esinokufikelela kunxibelelwano lomsebenzisi kunye nedatha ye-multimedia, kuquka idatha esuka kwikhamera. Kuqikelelwa ukuba i-2/3 yabo bonke abasebenzisi be-smartphone esekelwe kwiqonga le-Android bachatshazelwa yingxaki. Ngokomzekelo, e-US, isabelo esipheleleyo sazo zonke ii-smartphones ze-Android ezithengiswe kwikota yesi-4 ka-2021 ezithunyelwe nge-MediaTek kunye ne-Qualcomm chips yayiyi-95.1% (48.1% - MediaTek, 47% - Qualcomm).
Iinkcukacha zokuxhatshazwa kobuthathaka azikabhengezwa, kodwa kuxelwe ukuba iMediaTek kunye neQualcomm yeqonga leqonga le-Android zalungiswa ngoDisemba ka-2021. Ingxelo kaDisemba malunga nokuba semngciphekweni kwiqonga le-Android ichonge imiba njengobuthathaka obubalulekileyo kumacandelo obunini beetshiphusi zeQualcomm. Ukuba sesichengeni kumacandelo eMediaTek akukhankanywanga kwiingxelo.
Ubuthathaka bunika umdla ngenxa yeengcambu zabo. Kwi-2011, i-Apple yavula ikhowudi yomthombo we-codec ye-ALAC, evumela ukunyanzeliswa kwedatha ye-audio ngaphandle kokulahlekelwa ngumgangatho, phantsi kwelayisensi ye-Apache 2.0, kwaye yenza kube lula ukusebenzisa zonke iipatent ezinxulumene ne-codec. Ikhowudi yapapashwa kodwa ishiywe ingagcinwanga kwaye ayizange itshintshwe kwiminyaka eyi-11 edlulileyo. Ngelo xesha, i-Apple yaqhubeka ixhasa ngokwahlukileyo ukuphunyezwa okusetyenziswe kwiiplatifti zayo, kubandakanywa nokuphelisa iimpazamo kunye nobuthathaka kuyo. I-MediaTek kunye ne-Qualcomm basekwe ukuphunyezwa kwe-codec yabo ye-ALAC kwikhowudi yomthombo ovulekileyo we-Apple, kodwa ayiquki ubuthathaka obujongwe ekuphunyezweni kwe-Apple kwiipatches zabo.
Akukho lwazi okwangoku malunga nokuba sesichengeni kwikhowudi yezinye iimveliso ezikwasebenzisa ikhowudi ye-ALAC yakudala. Ngokomzekelo, ifomathi ye-ALAC ixhaswe ukususela kwi-FFmpeg 1.1, kodwa ikhowudi enokuphunyezwa kwe-decoder igcinwa ngokusebenzayo.
umthombo: opennet.ru