I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukuba sengozini ku-Samsung Android firmware kusetshenziswe ngokuthumela i-MMS

Ukuba sengozini ku-Samsung Android firmware kusetshenziswe ngokuthumela i-MMS

Kuphrosesa yesithombe se-Qmage ehlinzekwe ku-Samsung Android firmware, eyakhelwe ohlelweni lokunikezela ngezithombe ze-Skia, ukuba sengozini (CVE-2020-8899), ekuvumela ukuthi uhlele ukusetshenziswa kwekhodi lapho ucubungula izithombe kumafomethi we-QM ne-QG (β€œ.qmg”) kunoma yiluphi uhlelo lokusebenza. Ukuze enze ukuhlasela, umsebenzisi akadingi ukwenza noma yiziphi izenzo; esimweni esilula, kwanele ukuthumela isisulu i-MMS, i-imeyili, noma umlayezo wengxoxo oqukethe isithombe esiklanywe ngokukhethekile.

Inkinga kukholakala ukuthi ibikhona kusukela ngo-2014, iqala nge-firmware esekelwe ku-Android 4.4.4, eyengeze izinguquko ukuze isingathe amafomethi ezithombe ezengeziwe ze-QM, QG, ASTC kanye ne-PIO (PNG variant). Ukuba sengozini kuqedwe Π² izibuyekezo I-firmware ye-Samsung ikhishwe ngoMeyi 6. Inkundla eyinhloko ye-Android kanye ne-firmware evela kwabanye abakhiqizi ayithinteki kule nkinga.

Inkinga ikhonjwe ngesikhathi sokuhlolwa kwe-fuzz unjiniyela ovela kwa-Google, ophinde wafakazela ukuthi ubungozi abugcini nje ngokuphahlazeka futhi walungisa isibonelo esisebenzayo sokudlula ukuvikela kwe-ASLR bese wethula isibali ngokuthumela uchungechunge lwemilayezo ye-MMS ku-Samsung. I-Galaxy Note 10+ smartphone esebenzisa inkundla ye-Android 10.


Esibonelweni esibonisiwe, ukuxhaphaza okuyimpumelelo kudinga cishe imizuzu eyi-100 ukuhlasela nokuthumela imilayezo engaphezu kwe-120. Ukuxhaphaza kuqukethe izingxenye ezimbili - esigabeni sokuqala, ukudlula i-ASLR, ikheli lesisekelo linqunywa kumitapo yolwazi ye-libskia.so kanye ne-libhwui.so, futhi esigabeni sesibili, ukufinyelela ukude kudivayisi kunikezwa ngokwethula β€œukuhlehla igobolondo”. Kuye ngesakhiwo sememori, ukucacisa ikheli lesizinda kudinga ukuthumela imiyalezo esuka ku-75 kuya ku-450.

Ukwengeza, kungaphawulwa ukushicilelwa Kwangathi isethi yokulungiswa kokuvikeleka kwe-Android, elungise ubungozi obungu-39. Izinkinga ezintathu zinikezwe izinga elibucayi lengozi (imininingwane ayikadalulwa):

  • I-CVE-2020-0096 iwukuba sengozini kwasendaweni okuvumela ukwenziwa kwekhodi lapho kucutshungulwa ifayela eliklanywe ngokukhethekile);
  • I-CVE-2020-0103 iwukuba sengcupheni okukude ohlelweni oluvumela ukukhishwa kwekhodi lapho kucutshungulwa idatha yangaphandle eklanywe ngokukhethekile);
  • I-CVE-2020-3641 iwubungozi ezingxenyeni zobunikazi be-Qualcomm).

Source: opennet.ru

Engeza amazwana