Bekunokuthini ukuba bendikuxelele ukuba ekuphela komsebenzi wenxalenye yesoftware ye-antivirus enotyikityo oluthembekileyo lwedijithali kukuqokelela zonke iziqinisekiso zakho ezigcinwe kwizikhangeli ze-Intanethi ezidumileyo? Kuthekani ukuba ndithi akukhathaliseki kuye ukuba yiminqweno kabani ukuziqokelela? Mhlawumbi uya kucinga ukuba ndiyalahleka. Makhe sibone ukuba injani ngokwenene?
Masiyiqonde
Uphila kwaye uhlala kwinkampani ye-antivirus njenge . Ivelisa iimveliso ezahlukeneyo ezinxulumene nokhuseleko lolwazi. Kukho neemveliso zasimahla zokusetyenziswa ekhaya.
Masibe nomdla kwinguqulelo yasimahla kwaye sibone ukuba imveliso yoogxa bethu baseJamani inokwenza ntoni. Sijonga ngaphezulu kwe-interface - akukho nto ingaqhelekanga. Asifumani nakuphi na ukukhankanywa kwenye yeemveliso zenkampani-Umphathi wephasiwedi we-Avira.
Makhe sijonge icandelo elinegama elingatsali ngqalelo "Avira.PWM.NativeMessaging.exe"? Idityaniselwe iqonga le-NET kwaye ayifihlwanga nangayiphi na indlela, ngoko siyilayisha kwi-dnSpy kwaye sifunde ngokukhululekileyo ikhowudi yenkqubo.
Inkqubo yinkqubo ye-console kwaye ilindele imiyalelo kumjelo wegalelo eliqhelekileyo. Umsebenzi ophambili usebenzisa "funda" ifunda idatha kumjelo, ijonga ifomathi kwaye igqithise umyalelo kumsebenzi "ProcessMessage" Ngokufanayo, ngokulandelayo, ijonga ukuba umyalelo ogqithisiweyo ngu "fetchChromePasswords"okanye"landaIziqinisekiso" (nangona wenza ntoni umahluko ukuba ukuziphatha okuqhubekayo kuyafana?) kwaye ke eyona nxalenye inomdla iqala - ukubiza umsebenzi "FumanaIziqinisekiso zeBrowser" Inika umdla ... yintoni enokwenziwa ngumsebenzi onelo gama?
Akukho nto ingaqhelekanga, iqokelela kuluhlu olunye zonke iiakhawunti zomsebenzisi ezigcinwe xa usebenza kunye neziphequluli ze-Intanethi "Chrome", "Opera" (esekwe kwiChromium), "Firefox" kunye ne "Edge" (esekwe kwiChromium) kwaye ibuyisela idatha njenge JSON into.
Ewe, emva koko ibonisa idatha eqokelelweyo kwi-console:
Umxholo wengxaki
- Icandelo liqokelela iziqinisekiso zomsebenzisi;
- Icandelo aliqinisekisi inkqubo yokufowuna (umzekelo, ngokuba inomsayino wedijithali ovela kumenzi ngokwawo);
- Icandelo linesiginitsha yedijithali "ethembekileyo" kwaye ayiphakamisi ukukrokra phakathi kwabanye abavelisi be-software ye-anti-virus;
- Icandelo lisebenza njengesicelo esahlukileyo.
IoC
SHA1: 13c95241e671b98342dba51741fd02621768ecd5.
I-CVE-2020-12680 yakhutshelwa lo mba.
Ngomhla we-07.04.2020/XNUMX/XNUMX ndathumela ileta malunga nale ngxaki: [imeyile ikhuselwe] ΠΈ [imeyile ikhuselwe] enenkcazelo epheleleyo. Kwakungekho neeleta zokuphendula, kubandakanywa neenkqubo ezizenzekelayo. Kwinyanga kamva, icandelo elichaziweyo lisasasazwa kwi-Avira Free Antivirus.
umthombo: www.habr.com