aCropalypse, a bug in Pixel devices that lets cropped screenshots be restored

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

Information has been released about a vulnerability (already cataloged as CVE-2023-21036) identified in the Markup app, which is used on Google Pixel smartphones to crop and edit screenshots. The vulnerability allows partial restoration of cropped or edited information.

The engineers Simon Aarons and David Buchanan, who found the bug and produced a proof-of-concept recovery tool, respectively, named it aCropalypse and noted that "this bug is bad" for people concerned about their privacy.

That means that if someone gets hold of your cropped image, they can try to recover the part that appears to be missing. If the image was redacted with scribbles over certain areas, those areas may be visible in the restored image. This is not good for privacy.

The problem appears when editing PNG images in Markup. It is caused by the fact that when the new, edited image is written, the data is written over the previous file without truncation. That is, the final file obtained after editing includes the tail of the source file, where the compressed data remains.

The problem is classified as a vulnerability because a user may send an edited image after removing sensitive data, while in reality that data remains in the file, even though it is not visible during normal viewing. To restore the remaining data, the acropalypse.app web service was launched and an example Python script was published.

The vulnerability has been present since the Google Pixel 3 series of smartphones, launched in 2018, running firmware based on Android 10 and newer versions. The issue was fixed in the March Android firmware update for Pixel smartphones.

"The end result is that the image file is opened without the [truncate] flag, so that when the cropped image is written, the original image is not truncated," Buchanan said. "If the new image file is smaller, the end of the original is left behind."

The pieces of the file that should have been truncated were found to be recoverable as images after some reverse engineering of the zlib library's methodology, which Buchanan says he was able to do "after a few hours of playing around." The end result is a proof of concept that anyone with an affected Pixel device can test for themselves.

The issue is believed to be due to an undocumented behavior change in the ParcelFileDescriptor.parseMode() method. Before the release of the Android 10 platform, the "w" (write) flag caused the file to be truncated when writing to an existing file. Since the release of Android 10 the behavior changed: truncation requires explicitly specifying the "wt" (write, truncate) flag, and when the "w" flag was specified, the tail was no longer removed after rewriting.

In short, the "aCropalypse" flaw allowed someone to take a cropped PNG screenshot made in Markup and undo at least some of the edits to the image. It is easy to imagine scenarios in which a bad actor could abuse that ability. For example, if a Pixel owner used Markup to redact an image that includes sensitive information about them, someone could use the flaw to reveal that information.

It is worth mentioning that Google fixed aCropalypse in its March Pixel security update (just before the details of the vulnerability were released):

All is well and good for the future: now you can crop, redact, and share without fear that your future images could be recovered, but that does nothing for screenshots vulnerable to the exploit that have already been passed along, uploaded to Discord, etc.

Finally, if you are interested in learning more about the vulnerability, you can consult the original publication at the following link.

