Kuwopsa kwa Android kumalola kuti ma code akutali atsegulidwe ndi Bluetooth

Adamasulidwa posachedwa ndondomeko ya Android February, momwe muli anakonza chiopsezo chachikulu (yolembedwa ngati CVE-2020-0022) pa bulutufi la bulutufi, yomwe imakupatsani mwayi wopanga ma code akutali potumiza phukusi la Bluetooth mwaluso.

Vutolo lidasankhidwa kukhala lovuta kuyambira izi itha kugwiritsidwa ntchito mochenjera ndi woukira yemwe ali mumtundu wa Bluetooth ndiponso kuti ichi sikutanthauza kulumikizana ndi wothandizidwayo. Ndizotheka kuti chiwopsezo chitha kupangidwa kuti apange mphutsi zomwe zimalumikiza zida zoyandikana.

Pofuna kuukira, ndikokwanira kudziwa adilesi ya MAC yachida cha wozunzidwayo (palibe kuyimilira koyambirira kofunikira, koma Bluetooth iyenera kuyatsidwa pachidacho). Pa zipangizo zina, Adilesi ya Bluetooth MAC imatha kuwerengedwa potengera adilesi ya Wi-Fi MAC.

Ngati chiwopsezo chikugwiritsidwa ntchito bwino, wowukira akhoza kupanga nambala yanu ndi ufulu wa njira yakumbuyo yomwe imagwirizanitsa ntchito ya Bluetooth pa Android. Vutoli ndilopadera kwa okwana Bluetooth omwe amagwiritsidwa ntchito mu Android (kutengera nambala ya Ntchito ya Broadcom's BlueDroid) ndipo sichipezeka mgulu la BlueZ logwiritsidwa ntchito mu Linux.

Ofufuza amene adazindikira vutoli adatha kukonzekera mtundu wazomwe amachita, koma tsatanetsatane wa ntchitoyi adzamasulidwa pambuyo pake, kuwongolera kukafika kwa ogwiritsa ntchito ambiri.

Zikungodziwika kuti kusatetezeka ilipo phukusi lokhazikitsa phukusi ndipo Zimayambitsidwa ndi kuwerengera kolakwika kwa kukula kwa paketi ya L2CAP (logical link adaptation and control protocol) ngati zomwe wofalitsa amatumiza zikuposa kukula kwake.

Mu Android 8.0 mpaka 9.0, wowukira pafupi akhoza kuchita mwakachetechete malamulo ndi mwayi wa daemon la Bluetooth bola kulumikizana kumeneku kukhale kotheka.

Palibe kuyanjana kwa ogwiritsa ntchito komwe kumafunikira ndipo ndi adilesi ya Bluetooth MAC yokha yazida zomwe mukufuna kudziwa. Pazida zina, adilesi ya Bluetooth MAC imatha kuchepetsedwa kuchokera ku adilesi ya WiFi MAC. Kuwonongeka kumeneku kumatha kubweretsa zidziwitso zanu ndipo kumatha kugwiritsidwa ntchito kufalitsa pulogalamu yaumbanda. Mu Android 10, kusatetezeka kumeneku sikungagwiritsidwe ntchito pazifukwa zaukadaulo ndipo kumangopangitsa kuti daemon ya Bluetooth iwonongeke ", akufufuza ochita kafukufuku

Pa Android 8 ndi 9, vutoli limatha kubweretsa kuphedwa kwa code, pakapena mu Android 10 imangolephera kugwa ndondomeko yakumbuyo ya Bluetooth.

Mitundu yakale ya Android imatha kukhala ndi vuto, koma sizinayesedwe ngati cholakwika ichi chitha kugwiritsidwa ntchito bwino.

Kuphatikiza pa vutoli ladziwika, mu February's Android Security Suite, Zowonongeka za 26 zidakonzedwa, pomwe chiopsezo china (CVE-2020-0023) adapatsidwa gawo lowopsa.

Kuopsa kwachiwiri kumakhudzanso okwanira kwa Bluetooth ndipo imagwirizanitsidwa ndi kukonza mwayi wolakwika BLUETOOTH_PRIVILEGED mu setPhonebookAccessPermission.

Ponena za zovuta zomwe zadziwika kuti ndizowopsa, mavuto a 7 adathetsedwa m'makina ndi mapulogalamu, 4 m'zinthu zamagetsi, 2 mu kernel ndi 10 pazigawo zotseguka komanso zopangira zida za Qualcomm.

Pomaliza, ogwiritsa ntchito akulangizidwa kuti akhazikitse pulogalamu ya firmware yomwe yaikidwa. pazida zanu ASAP ndipo ngati izi sizingatheke(imagwira ntchito mamiliyoni azida kuchokera kuzinthu zomwe zimayambitsa zida zotsika mtengo) zomwe sankhani mwayi woti muzimitsa Bluetooth mwachisawawa (popeza sizomveka kukhala nayo nthawi zonse kupatula kuti pochita izi amathandizira kukonza batire), kupatula apo ikulangizidwanso kuti kusazindikira kuyenera kuzida komanso kutsegula Bluetooth m'malo opezeka anthu ambiri (zimangolimbikitsidwa kutero ngati kuli kofunikira), zimatchulidwanso kuti kulowetsedwa kwa mahedifoni opanda zingwe kulimbikitsidwa.

Malangizowo omwe amawapanga ngati ofufuza akuti akangotsimikiza kuti zigamba zafika kwa ogwiritsa ntchito kumapeto, azisindikiza pepala loyenera pachiwopsezochi, kuphatikiza kufotokozera zakugwiritsa ntchito komanso umboni wazachinsinsi.

Koma monga tanenera, zida zambiri zamtundu zomwe sizimatulutsa zosintha zilizonse kapena zomwe zathandizidwa kale zimakhala pachiwopsezo.

Chitsime: https://insinuator.net


Zomwe zili m'nkhaniyi zikutsatira mfundo zathu za malamulo okonzekera. Kuti mufotokoze cholakwika dinani Apa.

Khalani oyamba kuyankha

Siyani ndemanga yanu

Anu email sati lofalitsidwa. Amafuna minda amalembedwa ndi *

*

*

  1. Wotsogolera pazosankhazi: Miguel Ángel Gatón
  2. Cholinga cha deta: Control SPAM, kasamalidwe ka ndemanga.
  3. Kukhazikitsa: Kuvomereza kwanu
  4. Kulumikizana kwa zomwe zafotokozedwazo: Zomwezo siziziwululidwa kwa anthu ena kupatula pakukakamizidwa mwalamulo.
  5. Zosunga: Zosungidwa ndi Occentus Networks (EU)
  6. Ufulu: Nthawi iliyonse mutha kuchepetsa, kuchira ndikuchotsa zidziwitso zanu.