In the Qmage image processor supplied in Samsung Android firmware, which is built into the Skia graphics rendering system,
The problem is believed to have existed since 2014, starting with firmware based on Android 4.4.4, which added changes to handle the additional image formats QM, QG, ASTC and PIO (a PNG variant). The vulnerability
The problem was identified during fuzz testing by an engineer from Google, who also demonstrated that the vulnerability is not limited to crashes and prepared a working exploit prototype that bypasses ASLR protection and launches the calculator by sending a series of MMS messages to a Samsung Galaxy Note 10+ smartphone running the Android 10 platform.
In the demonstrated example, successful exploitation required about 100 minutes of attack and the sending of more than 120 messages. The exploit has two parts: in the first stage, to bypass ASLR, the base address of the libskia.so and libhwui.so libraries is determined, and in the second stage, remote access to the device is provided by launching a "reverse shell". Depending on the memory layout, determining the base address requires sending from 75 to 450 messages.
Additionally, it can be noted
- CVE-2020-0096 is a local vulnerability that allows code execution when processing a specially crafted file;
- CVE-2020-0103 is a remote vulnerability in the system that allows code execution when processing specially crafted external data;
- CVE-2020-3641 is a vulnerability in Qualcomm proprietary components.
Source: opennet.ru