Kusitaki sechip esingenantambo se-Qualcomm ubungozi obuthathu okwethulwa ngaphansi kwegama lekhodi “QualPwn”. Inkinga yokuqala (CVE-2019-10539) ivumela amadivayisi e-Android ukuthi ahlaselwe ukude nge-Wi-Fi. Inkinga yesibili ikhona ku-firmware yokuphathelene ne-Qualcomm wireless stack futhi ivumela ukufinyelela kumodemu ye-baseband (CVE-2019-10540). Inkinga yesithathu kumshayeli we-icnss (CVE-2019-10538) futhi yenza kube nokwenzeka ukufeza ukusetshenziswa kwekhodi yayo ezingeni le-kernel leplathifomu ye-Android. Uma inhlanganisela yalobu bungozi isetshenziswa ngempumelelo, umhlaseli angakwazi ukulawula idivayisi yomsebenzisi esebenza kuyo i-Wi-Fi (ukuhlasela kudinga ukuthi isisulu nomhlaseli baxhunywe kunethiwekhi efanayo engenantambo).
Amandla okuhlasela akhonjiswe kuma-smartphones e-Google Pixel2 kanye ne-Pixel3. Abacwaningi balinganisela ukuthi inkinga ingase ithinte amadivayisi angaphezu kwezinkulungwane ezingama-835 ngokusekelwe ku-Qualcomm Snapdragon 835 SoC nama-chips amasha (kusukela nge-Snapdragon 835, i-firmware ye-WLAN yahlanganiswa ne-subsystem yemodemu futhi yasebenza njengohlelo lokusebenza olulodwa endaweni yomsebenzisi). Ngu I-Qualcomm, inkinga ithinta ama-chips amaningana ahlukene.
Okwamanje, ulwazi olujwayelekile kuphela olumayelana nokuba sengcupheni olutholakalayo, kanye nemininingwane izodalulwa ngo-Agasti 8 engqungqutheleni Yezigqoko Ezimnyama. I-Qualcomm ne-Google bazisiwe ngezinkinga ngoMashi futhi sebezikhiphile izilungiso (i-Qualcomm yaziswa ngezinkinga eziku- , futhi i-Google ilungise ubungozi Isibuyekezo senkundla ye-Android). Bonke abasebenzisi bamadivayisi asuselwe kuma-chip e-Qualcomm bayanconywa ukuthi bafake izibuyekezo ezitholakalayo.
Ngokungeziwe ezindabeni ezihlobene nama-chip e-Qualcomm, isibuyekezo sika-Agasti kunkundla ye-Android siphinde sisuse ukuba sengozini okubalulekile (CVE-2019-11516) kusitaki se-Broadcom Bluetooth, esivumela umhlaseli ukuthi asebenzise ikhodi yakhe kumongo wenqubo eyilungelo ukuthumela isicelo sokudlulisa idatha esiklanywe ngokukhethekile. Ukuba sengozini (CVE-2019-2130) kuxazululiwe ezingxenyeni zesistimu ye-Android ezingavumela ukusetshenziswa kwekhodi okunamalungelo aphakeme lapho kucutshungulwa amafayela e-PAC aklanywe ngokukhethekile.
Source: opennet.ru