I-Check Point ihlonze ukuba sengozini kumadekhoda wefomethi yokuminyanisa yomsindo we-ALAC (Apple Lossless Audio Codec) ehlinzekwa yi-MediaTek (CVE-2021-0674, CVE-2021-0675) kanye ne-Qualcomm (CVE-2021-30351). Inkinga ivumela ikhodi yomhlaseli ukuthi isetshenziswe lapho kusetshenzwa idatha efomethwe ngokukhethekile ngefomethi ye-ALAC.
Ingozi yokuba sengozini ibhebhezelwa ukuthi ithinta amadivayisi asebenzisa inkundla ye-Android efakwe ama-chips e-MediaTek ne-Qualcomm. Njengomphumela wokuhlasela, umhlaseli angakwazi ukuhlela ukwenziwa kohlelo olungayilungele ikhompuyutha kudivayisi ekwazi ukufinyelela ukuxhumana komsebenzisi nedatha ye-multimedia, okuhlanganisa idatha esuka kukhamera. Kulinganiselwa ukuthi i-2/3 yabo bonke abasebenzisi be-smartphone ngokusekelwe ku-platform ye-Android bathintwa inkinga. Isibonelo, e-US, isamba sawo wonke ama-smartphones e-Android athengiswe ngekota yesi-4 ka-2021 athunyelwa nama-MediaTek nama-chips e-Qualcomm sasingu-95.1% (48.1% - MediaTek, 47% - Qualcomm).
Imininingwane yokuxhashazwa kobungozi ayikadalulwa, kodwa kubikwa ukuthi izingxenye ze-MediaTek ne-Qualcomm zeplathifomu ye-Android zaqedwa ngoDisemba 2021. Umbiko wangoDisemba omayelana nokuba sengozini kunkundla ye-Android uhlonze izinkinga njengobungozi obubalulekile ezingxenyeni zobunikazi zama-chip e-Qualcomm. Ukuba sengozini kwezingxenye ze-MediaTek akukhulunywa ngakho emibikweni.
Ukuba sengozini kuyathakazelisa ngenxa yezimpande zakho. Ngo-2011, i-Apple yavula ikhodi yomthombo ye-codec ye-ALAC, evumela ukucindezelwa kwedatha yomsindo ngaphandle kokulahlekelwa ikhwalithi, ngaphansi kwelayisensi ye-Apache 2.0, futhi yenza kwaba nokwenzeka ukusebenzisa wonke amalungelo obunikazi ahlobene ne-codec. Ikhodi yashicilelwa kodwa yashiywa inganakekelwa futhi ayizange ishintshwe kule minyaka engu-11 edlule. Ngasikhathi sinye, i-Apple yaqhubeka nokusekela ngokwehlukana ukuqaliswa okusetshenziswa ezisekelweni zayo, okuhlanganisa nokuqeda amaphutha nobuthakathaka kuwo. I-MediaTek ne-Qualcomm zisekelwe ekusetshenzisweni kwe-codec ye-ALAC kukhodi yomthombo ovulekile yasekuqaleni ye-Apple, kodwa ayizange ifake ubungozi okubhekiswe ekusetshenzisweni kwe-Apple kuma-patches abo.
Alukho ulwazi okwamanje mayelana nokuba sengozini kukhodi yeminye imikhiqizo esebenzisa ikhodi ye-ALAC ephelelwe yisikhathi. Isibonelo, ifomethi ye-ALAC isekelwe kusukela ku-FFmpeg 1.1, kodwa ikhodi enokuqaliswa kwe-decoder igcinwa ngokuqhubekayo.
Source: opennet.ru