Google yakaisa chirevo che zero yezuva rekusagadzikana muna 2022

Darkcrizt

4 maminitsi

zero zuva

Zero zuva ishoko rakafara rinotsanangura kusadzivirirwa kusingazivikanwe nevashandisi uye kumugadziri kana kuvandudza.

Mazuva mashoma apfuura timu Google Security yavhurwa kuburikidza ne blog post, a report pane zvese zvakaunganidzwa gore rapfuura (2022) rine chekuita ne 0 zuva kusasimba uko kushandiswa kwakaonekwa kare kugadzira zvigamba kune zvine chekuita nenjodzi software.

Mumushumo wavo wakapihwa, vanotaura kuti muna 2022, Chikwata cheProjekti Zero chakaona kusagadzikana makumi mana nerimwe pazuva (40% yakaderera pane iyo yakawanikwa muna 2021) uye kuti kunyangwe kuderera kunoshamisa kwehuwandu hwekusagadzikana, huwandu huri kuramba huchikwira kupfuura avhareji yemakore matanhatu apfuura.

Iyi iongororo yechina yegore negore yeGoogle yemazuva 0 akashandiswa musango [2021, 2020, 2019] uye inovaka paongororo yepakati pegore ya2022. Chinangwa chechishumo ichi hachisi kudonongodza zvakaitwa nemunhu mumwe nemumwe, asi kuti kuongorora zvakaitwa gore rose, kutsvaga maitiro, mapeji, zvidzidzo zvakadzidzwa uye kubudirira.

0 zuva

Girafu yehuwandu hwekusagadzikana kwe zero yemakore apfuura

Izvo zvinotaurwa kuti kubuda kwehuwandu hukuru hwekusagadzikana kwezuva rezero kunogona kufambiswa nezvinhu sekuenderera mberi kudiwa kwevanorwisa kuti vashandise mabasa ekuita kurwisa uye nzira dziri nyore dzekutsvaga kusasimba kwakadaro, pamusoro pekuti kuwedzera kwekukurumidza kwekushandiswa kwezvigamba kunoita kuti zvive zvakakosha kutarisa kusakanganiswa kwemhando iyi pane kushandisa matambudziko atozivikanwa. Ichi zvakare chinhu, sezvo kusakwenenzvera kunobvumira vanyori vanobiridzira kuti vawane matsva ekurwisa mavheji ekusagadzikana kunozivikanwa.

Semuyenzaniso, zvinopfuura makumi mana muzana (40 kubva pamakumi mana nerimwe) ezviitiko zvemazuva-zero zvakaonekwa muna 17 zvine hukama nekwakamboitwa zvigamba uye kuburitswa pachena. Mukana wakadaro unomuka nekuda kwekusakwana kwakakwana kana kwakaderera-mhando yekugadzirisa kwehurema - vagadziri vezvirongwa zvisina njodzi vanowanzogadzirisa chete yakakosha kesi kana kungoita kutaridzika kwekugadzirisa pasina kusvika pamudzi wedambudziko. Kusagadzikana kwezuva-zero kwakadaro kwaigona kunge kwakadzivirirwa nekumwe kuferefetwa nekugadzirisa kusasimba.

Kuderera kwehuwandu hwehutera 0 zuva zvichienzaniswa ne2021 inogona kutsanangurwa nechokwadi chokuti nguva yakawanda, ruzivo nemari zvinodiwa kugadzira zvigadzirwa, huwandu hwehusimba hunoshandiswa hunoderera nekuda kwekushandiswa kwakanyanya kwemaitiro ekudzivirira, pane imwe neimwe kushandiswa, maitiro matsva ekushanda anowanzo gadzirwa.

Kudzikira kwekusagadzikana kwezuva 0 kungave kuri nekuda kwekushandiswa kwenzira dzakareruka dzekurwisa dzakadai se phishing uye kugovera malware. Inogona zvakare kukanganiswa nekugona kunzvenga zviwanikwa zvezvinozivikanwa kusasimba nekuda kwevashandisi kunonoka kushandiswa kwezvigadziriso.

Chirevo chinogumisa kuti mashandisiro eN-zuva akabatikana kusasimba mu Android hakuna kushoma pane 0-zuva kusasimba. nekuda kwekunonoka kwevanopa mukugadzira zvigadziriso. Semuyenzaniso, kunyangwe Google ikakurumidza kugadzirisa kusagadzikana mu Android core platform, kugadzirisa kwekusagadzikana uku kunogona kunge kusingawanikwe kune vazhinji vashandisi kusvika mwedzi gare gare, sezvo vagadziri vekupedzisira-chishandiso vanowanzo nonoka kugadzirisa chiteshi kune yako firmware revisheni.

Muenzaniso ndeye CVE-2022-3038 vulnerability yakaratidzwa muChrome 105 browser injini uye yakagadziriswa munaJune 2022. Kusagadzikana uku kwakaramba kusingagadziriswi kwenguva yakareba mumabhurawuza chaiwo kubva kune vatengesi vakaita seSamsung Internet. Muna Zvita 2022, chokwadi chekurwiswa kwevashandisi veSamsung vachishandisa mukana wekusagadzikana uku zvakaburitswa (muna Zvita, iyo yazvino vhezheni yeSamsung Internet browser yakaramba ichishandisa Chromium 102 injini, yakaburitswa muna Chivabvu 2022).

Panguva imwe chete, kune mabhurawuza, pane zvakare shanduko mune zvaunofarira kubva kune vanyori vekushandisa mukuda 0-tinya zvibodzwa pamusoro pe-1-tinya zviitwa. 0-tinya inoreva kusasimba kusingade chiito chemushandisi, kazhinji kuchikanganisa zvikamu kunze kwebrowser code pachayo.

Zvinotaurwa kuti 0-tinya kusagadzikana kwakaoma kuona nekuti:

  • ndezvenguva pfupi
  • Kazhinji havana chiratidzo chinooneka chekuvapo kwavo.
  • Iwe unogona kunanga akawanda akasiyana zvikamu uye vanopa havatombo gara vachiziva zvese zvikamu zvinogona kuwanikwa kure
  • Kuunzwa zvakananga kune chakanangana panzvimbo pekuwanikwa zvakanyanya sepamugero kurwisa
  • Kazhinji haigamuchirwe pawebhusaiti inobhurawuza kana sevha

Nepo ne-1-tinya, pane chinongedzo chinooneka icho chinongedzerwa chinofanira kudzvanya kuti chibudise icho. Izvi zvinoreva kuti chinangwa kana kuchengetedza maturusi anogona kuona chinongedzo. Iwo maexploits anobva agarwa pane server inogona kubhuroka pane iyo link.

pakupedzisira kana uri kufarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu inotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako