What if I told you that the sole purpose of a component of antivirus software, one carrying a trusted digital signature, is to collect all of your credentials stored in popular web browsers? And what if I said that it does not care on whose behalf it collects them? You would probably think I was delusional. Let's see how things really are.
Figuring it out
There lives and thrives an antivirus company such as
Let's take an interest in the free version and see what our German colleagues' product can do. We look over the graphical interface - nothing unusual. We find no mention of another of the company's products - Avira Password Manager.
Let's look at a component with the unremarkable name "Avira.PWM.NativeMessaging.exe". It is compiled for the .NET platform and is not obfuscated in any way, so we load it into dnSpy and study the program code freely.
The program is a console application and expects commands on its standard input stream. The main function uses "Read" to read data from the stream, checks the format and passes the command to the function "ProcessMessage". That function, in turn, checks whether the command passed to it is "fetchChromePasswords" or "fetchCredentials" (although what difference does it make if the behaviour that follows is the same?), and then the most interesting part begins - the call to the function "RetrieveBrowserCredentials". Interesting... what could a function with a name like that possibly do?
Nothing unusual: it simply gathers into a single list all of the user's accounts saved while working with the web browsers "Chrome", "Opera" (Chromium-based), "Firefox" and "Edge" (Chromium-based), and returns the data as a JSON object.
Well, and then it prints the collected data to the console.
The essence of the problem
- The component collects the user's credentials;
- The component does not verify the calling program (for example, by checking whether it carries a digital signature from the vendor itself);
- The component has a "trusted" digital signature and does not arouse suspicion among other antivirus vendors;
- The component runs as a standalone application.
IoC
SHA1: 13c95241e671b98342dba51741fd02621768ecd5.
CVE-2020-12680 has been assigned to this issue.
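A detection sketch for the behaviour described above, added here as an example and not taken from the original article or from Avira: it scans process-creation events for launches of the component (by file name or by the SHA1 above) that have no browser in their process ancestry. The event format, field names, paths and the list of expected callers are assumptions.

```python
import json
import ntpath

# Values taken from the article.
COMPONENT_NAME = "avira.pwm.nativemessaging.exe"
COMPONENT_SHA1 = "13c95241e671b98342dba51741fd02621768ecd5"

# Assumption: the only expected callers are the browsers the article lists.
EXPECTED_ANCESTORS = {"chrome.exe", "opera.exe", "firefox.exe", "msedge.exe"}

# Constructed process-creation events, one JSON object per line.
# Field names and paths are hypothetical, not from any real log source.
SAMPLE_EVENTS = r"""
{"pid": 4120, "image": "C:\\Example\\Avira.PWM.NativeMessaging.exe", "sha1": "13c95241e671b98342dba51741fd02621768ecd5", "ancestors": ["C:\\Windows\\System32\\cmd.exe", "C:\\Example\\chrome.exe"]}
{"pid": 5230, "image": "C:\\Example\\Avira.PWM.NativeMessaging.exe", "sha1": "13c95241e671b98342dba51741fd02621768ecd5", "ancestors": ["C:\\Example\\tool.exe", "C:\\Windows\\explorer.exe"]}
{"pid": 6011, "image": "C:\\Example\\helper.exe", "sha1": "13C95241E671B98342DBA51741FD02621768ECD5", "ancestors": ["C:\\Example\\tool.exe"]}
{"pid": 7002, "image": "C:\\Windows\\notepad.exe", "sha1": "0000000000000000000000000000000000000000", "ancestors": ["C:\\Windows\\explorer.exe"]}
not-json noise line
"""


def _name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def find_unexpected_launches(log_text):
    """Return (pid, reasons) for component launches with no browser ancestor."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        name_hit = _name(event.get("image", "")) == COMPONENT_NAME
        # The hash identifies one build only, so match on name as well.
        hash_hit = event.get("sha1", "").lower() == COMPONENT_SHA1
        if not (name_hit or hash_hit):
            continue
        callers = {_name(p) for p in event.get("ancestors", [])}
        if callers & EXPECTED_ANCESTORS:
            continue  # launched from a browser, as a native-messaging host would be
        reasons = ["no browser in process ancestry"]
        if hash_hit and not name_hit:
            reasons.append("IoC hash under a different file name")
        findings.append((event.get("pid"), reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in find_unexpected_launches(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

The check looks at the whole ancestry rather than the direct parent because a browser may start a native-messaging host through an intermediate shell.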
On 07.04.2020 I sent a letter about this problem to [email protected] and [email protected] with a full description. There were no replies, not even from automated systems. A month later, the component described is still being distributed as part of the Avira Free Antivirus distribution.
Source: www.habr.com