Dambudziko rakagadziriswa mushanduro dzakapfuura paApple kubvira kutanga kwegore rapfuura, amuka zvakare, nekuti nguva pfupi yadarika se vakaona kuti varwisi vaive vachishingairira kushandisa zero-zuva kunetseka pa Android izvo inokutendera iwe kutora izere kutonga kweakasiyana mafoni mamodheru, kusanganisira 4 mamodheru Google Pixel, Huawei, Xiaomi zvishandiso, Samsung nevamwe, akadaro nhengo yeGoogle Zero Project Research Group.
Kunetseka yakaverengerwa se "kukwirira kwakanyanya" pane Android Chiri chakaipisisa, kushandisa kwacho kunoda kushoma kuita tsika yekudzika nhare dzinotambura. Meseji kubva kuboka reGoogle rekutsvaga yakaratidza kuti bhugi, rakawanikwa svondo rapfuura, raishandiswa zvakanyanya, kungave neboka reNSO kana nemumwe wevatengi vayo.
Zvisinei, vamiririri veboka vakaramba chero mutoro nekushandisa iko kukanganisa. NSO Boka anoshandisa uye spyware mushambadzi anotengesa kune akasiyana ehurumende masangano.
Mune email, vamiriri veNSO Boka vakanyora mushure mekuburitswa kwekushandisa:
“NSO haina kutengesa uye haizombotengesa zvinoitwa kana kusagadzikana. Ichi feat hachinei nechekuita neNSO; basa redu rinotarisa kuvandudzwa kwezvigadzirwa zvakagadzirirwa kubatsira vamiririri vehungwaru nevamiriri vemitemo kuchengetedza hupenyu.
Iri boka, rakavakirwa muIsrael uye rakanangana neruzivo rwehunyanzvi kuhurumende kune espionage yema mobile terminals uye kusimudzira kwe «zvombo zvemadhijitari», yakaratidzirwa zvakadaro nekuwanikwa muna2016 na2017, nevatsvagiri veCitizen Lab yeYunivhesiti. kubva kuToronto, yepamberi mbozhanhare yesoftware yaakagadzira ndokudana kuti Pegasus.
Google yave ichishingairira uye ichikurumidza nezvidziviriro (Munguva pfupi yapfuura semwedzi wapfuura, Google yakaburitsa mapepa ekuchengetedza emafoni eGoogle Pixel uye nemamwe mafoni mazhinji.) Asi zvese izvi hazvina kudzivirira kusagadzikana kutsva muApple.
Uku kushandisa ndeye kernel ropafadzo kukura kushandisa chinetso, icho inobvumira uyo anorwisa kuti anyengere zvakakwana mudziyo unoshaya nekuubvisa. Nekuti iko kushandisa kunogona kuwanikwawo kubva kuChannel sandbox, inogona zvakare kuendeswa kuburikidza newebhu kana ichinge yabatanidzwa nechisimba icho chinotarisana nenjodzi mukodhi yeChannel iyo inoshandiswa kupa zvemukati.
Uku kunetseka inotendwa kuti inogadziriswa kutanga kwa2018 muLinux Kernel LTS vhezheni 4.14 asi hapana CVE yekutevera. Iyo fix yakaiswa mukati meiyo Android kernel vhezheni 3.18, 4.4, uye 4.9. Nekudaro, mhinduro yacho haina kusvika kune ekuvandudzwa ekuchengetedzwa kweApple akatevera, ichisiya michina yakati wandei kuchikanganiso ichi icho chave kuteverwa seCVE-2019-2215.
Maddie Stone, nhengo yeProjekti Zero, akataura mune meseji kuti "iyo bug inenjodzi inowedzera mikana yemuno uye inobvumidza kukanganiswa kwakazara kwechigadzirwa chinotambura."
Ndinoreva anorwisa anogona kuisa chinokuvadza pazvinhu zvakakanganisika uye osvika pamudzi Pasina ruzivo rwemushandisi, kuti iwe ugone kudzora izere nechigadzirwa. Uye sezvo ichigona kusanganiswa pamwe nekumwe kushandiswa muChannel browser, uyo anorwisa anogona zvakare kuendesa iyo yakaipa application kuburikidza newebhusaiti, kubvisa kudiwa kwekuwana panyama pachigadzirwa.
"Asina kukwana" runyorwa rwezvishandiso zvakatsikiswa neboka reGoogle rekutsvagira semidziyo yakakanganiswa ndeiyi:
- Pixel 1
- Pixel 1 XL
- Pixel 2
- Pixel 2 XL
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Cherechedza 5
- xiaomi a1
- oppo A3
- Moto Z3
- LG Nhare
- Samsung S7
- Samsung S8
- Samsung S9
Bato reZero reProjekti rekutsvagurudza rakagovanisa humbowo hwepfungwa-hwe-pfungwa kuratidza kuti mabhagoni aya angashandiswa sei kuwana kernel yekuverenga / kunyora panguva yekuurayiwa kwemuno.
Nekudaro, imwe nhengo yeboka reGoogle reZero Project yakati kushupika uku kuchatogadziriswa munaOctober Android yekudzoreredza yekuvandudza, iyo inogona kuzowanikwa mumazuva mashoma anotevera.