Ulwazi olubalulekile
(CVE-2019-3568) kuhlelo lokusebenza leselula le-WhatsApp, elikuvumela ukuthi wenze ikhodi yakho ngokuthumela ikholi yezwi eklanywe ngokukhethekile. Ukuze kube nokuhlasela okuphumelelayo, impendulo ocingweni olunonya ayidingeki. Kodwa-ke, ucingo olunjalo ngokuvamile aluveli ohlwini lwamakholi futhi ukuhlasela kungase kungabonakali kumsebenzisi.
Ukuba sengozini akuhlobene nephrothokholi Yesiginali, kodwa kubangelwa ukuchichima kwebhafa kusitaki se-VoIP esiqondene ne-WhatsApp. Inkinga ingaxhashazwa ngokuthumela uchungechunge oluklanywe ngokukhethekile lwamaphakethe e-SRTCP kudivayisi yesisulu. Ukuba sengozini kuthinta i-WhatsApp ye-Android (elungiswe ku-2.19.134), i-WhatsApp Business ye-Android (ilungiswe ku-2.19.44), i-WhatsApp ye-iOS (2.19.51), i-WhatsApp Business ye-iOS (2.19.51), i-WhatsApp yeWindows Phone ( 2.18.348) kanye ne-WhatsApp ye-Tizen (2.18.15).
Kuyathakazelisa ukuthi ngonyaka odlule I-WhatsApp kanye ne-Facetime Project Zero idonsele ukunaka kwephutha elivumela imilayezo yokulawula ehlobene nekholi yezwi ukuthi ithunyelwe futhi icutshungulwe esiteji ngaphambi kokuba umsebenzisi amukele ikholi. I-WhatsApp yanconywa ukuthi isuse lesi sici futhi yaboniswa ukuthi lapho kuhlolwa i-fuzzing, ukuthumela imilayezo enjalo kuholela ezingozini zohlelo lokusebenza, i.e. Nangonyaka odlule bekwaziwa ukuthi kukhona okungase kube khona ukuxega ekhodini.
Ngemuva kokuhlonza iminonjana yokuqala yokuyekethisa kwedivayisi ngoLwesihlanu, onjiniyela be-Facebook baqale ukwenza indlela yokuvikela, ngeSonto bavimbe i-lophole ezingeni lengqalasizinda yeseva besebenzisa i-workaround, kwathi ngoMsombuluko baqala ukusabalalisa isibuyekezo esilungise isoftware yeklayenti. Akukacaci okwamanje ukuthi mangaki amadivayisi ahlaselwe kusetshenziswa ukuba sengozini. Okuwukuphela kwemibiko ebikiwe ngeyomzamo ongaphumelelanga wangeSonto wokubeka engcupheni i-smartphone yesinye sezishoshovu zamalungelo abantu sisebenzisa indlela ekhumbuza ubuchwepheshe be-NSO Group, kanye nomzamo wokuhlasela i-smartphone yesisebenzi senhlangano elwela amalungelo abantu i-Amnesty International.
Inkinga yayingekho emphakathini ongenasidingo Inkampani yakwa-Israel i-NSO Group, ekwazile ukusebenzisa ubungozi bokufaka i-spyware kuma-smartphones ukuze ihlinzeke ngokugadwa yizikhungo zomthetho. I-NSO ithe ihlola amakhasimende ngokucophelela (isebenza kuphela neziphathimandla zokugcinwa komthetho nezobunhloli) futhi iphenya zonke izikhalazo zokuhlukunyezwa. Ikakhulukazi, sekuqaliwe ukulingwa okuhlobene nokuhlaselwa okurekhodiwe ku-WhatsApp.
I-NSO iyakuphika ukubandakanyeka ekuhlaselweni okuqondile kanye nezimangalo zokuthuthukisa ubuchwepheshe bezinhlangano zezobunhloli kuphela, kodwa isisulu isishoshovu samalungelo abantu sihlose ukufakazela enkantolo ukuthi inkampani yabelana ngomthwalo wemfanelo namakhasimende asebenzisa kabi isofthiwe enikezwe wona, futhi adayise imikhiqizo yayo kumasevisi owaziwa ngawo. ukwephulwa kwabo kwamalungelo abantu.
I-Facebook iqale uphenyo mayelana nokungahle kube sengozini yemishini futhi ngesonto eledlule yabelane ngasese ngemiphumela yokuqala noMnyango Wezobulungiswa wase-US, futhi yazisa izinhlangano zamalungelo abantu ezimbalwa mayelana nenkinga yokuxhumanisa ukuqwashisa komphakathi (kune-WhatsApp engaba yizigidi eziyizinkulungwane ezingu-1.5 emhlabeni jikelele).
Source: opennet.ru