Kuphrosesa yesithombe se-Qmage ehlinzekwe ku-Samsung Android firmware, eyakhelwe ohlelweni lokunikezela ngezithombe ze-Skia,
Inkinga kukholakala ukuthi ibikhona kusukela ngo-2014, iqala nge-firmware esekelwe ku-Android 4.4.4, eyengeze izinguquko ukuze isingathe amafomethi ezithombe ezengeziwe ze-QM, QG, ASTC kanye ne-PIO (PNG variant). Ukuba sengozini
Inkinga ikhonjwe ngesikhathi sokuhlolwa kwe-fuzz unjiniyela ovela kwa-Google, ophinde wafakazela ukuthi ubungozi abugcini nje ngokuphahlazeka futhi walungisa isibonelo esisebenzayo sokudlula ukuvikela kwe-ASLR bese wethula isibali ngokuthumela uchungechunge lwemilayezo ye-MMS ku-Samsung. I-Galaxy Note 10+ smartphone esebenzisa inkundla ye-Android 10.
Esibonelweni esibonisiwe, ukuxhaphaza okuyimpumelelo kudinga cishe imizuzu eyi-100 ukuhlasela nokuthumela imilayezo engaphezu kwe-120. Ukuxhaphaza kuqukethe izingxenye ezimbili - esigabeni sokuqala, ukudlula i-ASLR, ikheli lesisekelo linqunywa kumitapo yolwazi ye-libskia.so kanye ne-libhwui.so, futhi esigabeni sesibili, ukufinyelela ukude kudivayisi kunikezwa ngokwethula βukuhlehla igobolondoβ. Kuye ngesakhiwo sememori, ukucacisa ikheli lesizinda kudinga ukuthumela imiyalezo esuka ku-75 kuya ku-450.
Ukwengeza, kungaphawulwa
- I-CVE-2020-0096 iwukuba sengozini kwasendaweni okuvumela ukwenziwa kwekhodi lapho kucutshungulwa ifayela eliklanywe ngokukhethekile);
- I-CVE-2020-0103 iwukuba sengcupheni okukude ohlelweni oluvumela ukukhishwa kwekhodi lapho kucutshungulwa idatha yangaphandle eklanywe ngokukhethekile);
- I-CVE-2020-3641 iwubungozi ezingxenyeni zobunikazi be-Qualcomm).
Source: opennet.ru