Critical vulnerability in the WhatsApp application, suitable for deploying malware

Information has been published about a critical vulnerability (CVE-2019-3568) in the WhatsApp mobile application that allows an attacker to execute their own code by sending a specially crafted voice call. For the attack to succeed, the malicious call does not need to be answered. Moreover, such a call often does not appear in the call log, so the attack may go unnoticed by the user.

The vulnerability is not related to the Signal protocol; it is caused by a buffer overflow in WhatsApp's own VoIP stack. The issue can be exploited by sending a specially crafted series of SRTCP packets to the victim's device. The vulnerability affects WhatsApp for Android (fixed in 2.19.134), WhatsApp Business for Android (fixed in 2.19.44), WhatsApp for iOS (2.19.51), WhatsApp Business for iOS (2.19.51), WhatsApp for Windows Phone (2.18.348) and WhatsApp for Tizen (2.18.15).
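As an added example (not part of the original article), the fixed versions listed above can be turned into a check over a device inventory. The inventory rows and device names are constructed; versions are compared numerically because a plain string comparison would rank 2.19.98 above 2.19.134.

```python
# Fixed versions for CVE-2019-3568, exactly as listed in the article.
FIXED = {
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp", "windows phone"): "2.18.348",
    ("whatsapp", "tizen"): "2.18.15",
}

def parse_version(text):
    """Turn '2.19.134' into (2, 19, 134); raise ValueError otherwise."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(app, platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get((app.strip().lower(), platform.strip().lower()))
    if fixed is None:
        return "unknown"          # platform/edition not listed in the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"          # never guess from a malformed version
    want = parse_version(fixed)
    # Pad to equal length so '2.19' compares as '2.19.0'.
    width = max(len(installed), len(want))
    installed += (0,) * (width - len(installed))
    want += (0,) * (width - len(want))
    return "patched" if installed >= want else "vulnerable"

# Constructed sample inventory (hypothetical device names).
INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.19.98"),
    ("phone-02", "WhatsApp Business", "Android", "2.19.44"),
    ("phone-03", "WhatsApp", "iOS", "2.19.50"),
    ("phone-04", "WhatsApp", "Tizen", "2.18.15"),
    ("phone-05", "WhatsApp", "Android", "n/a"),
    ("phone-06", "WhatsApp", "KaiOS", "2.0"),
]

def audit(rows):
    """Map each device name to its classification."""
    return {dev: classify(app, plat, ver) for dev, app, plat, ver in rows}

if __name__ == "__main__":
    for device, status in audit(INVENTORY).items():
        print(device, status)
```

Rows that come back as `unknown` should be reviewed by hand rather than treated as patched.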

Interestingly, last year's study of WhatsApp and FaceTime security by Project Zero drew attention to a flaw that allows control messages associated with a voice call to be sent and processed before the user accepts the call. WhatsApp was advised to remove this feature, and it was shown that during fuzzing tests, sending such messages causes the application to crash; that is, it was already known last year that the code contained potential vulnerabilities.

After identifying the first traces of device compromise on Friday, Facebook engineers began developing a protection method. On Sunday they closed the loophole at the server infrastructure level using a workaround, and on Monday they began distributing an update that fixes the client software. It is not yet clear how many devices were attacked using the vulnerability. The only cases reported were an unsuccessful attempt on Sunday to compromise the smartphone of a human rights activist using a method reminiscent of NSO Group technology, and an attempt to attack the smartphone of an employee of the human rights organization Amnesty International.

The problem was identified, without unnecessary publicity, by the Israeli company NSO Group, which was able to use the vulnerability to install spyware on smartphones in order to provide surveillance for law enforcement agencies. NSO said that it screens its customers very carefully (it works only with law enforcement and intelligence agencies) and investigates all complaints of abuse. In particular, proceedings have been initiated in connection with the recorded attacks on WhatsApp.

NSO denies involvement in specific attacks and claims only to develop technology for intelligence agencies, but the human rights activist who was targeted intends to prove in court that the company shares responsibility with customers who abuse the software provided to them, and that it sold its products to services known for their human rights violations.

Facebook has launched an investigation into the possible compromise of devices and last week privately shared the first results with the US Department of Justice. It also notified several human rights organizations about the problem in order to coordinate public awareness (there are about 1.5 billion WhatsApp installations worldwide).

Source: opennet.ru