Kuskure shekaru biyu da suka gabata a cikin Android Kernel na iya ba Tushen damar yin amfani da masu aikata laifuka ta yanar gizo

Malware akan Android

Da alama aikin Google don kare masu amfani da Android baya ƙarewa. Kamfanin injin binciken da kuma mamallakin tsarin amfani da wayoyin hannu da aka fi amfani da su a duniya yayi kashedin cewa mai amfani da cutarwa zai iya samun damar samun nasara ta hanyar aikace-aikacen da ke amfani da tabarbarewar tsaro menene gano ba kasa da shekaru biyu da suka gabata. Bugun da aka ambata yana cikin Linux Kernel, wanda yake game da ina Android An ci gaba.

An san matsalar tsaro tun daga watan Afrilun 2014, kodayake a wancan lokacin ba a yi mata lakabi da "rauni" ba. Amma a watan Fabrairun 2015 an gano cewa wannan gazawar kwaya yana da tasirin tsaro, wanda a wannan lokacin sun riga sun bashi ganowa (CVE-2015-1805). Bugu da kari, matsalar ba ta kasance ba har sai da manhajar ta dace da Android, wani dalili kuma da ya sa ba a ba ta muhimmanci ba har sai da kadan a cikin shekarar da ta gabata.

Labarin ya fito daga nesa

A watan da ya gabata, kungiyar Kungiyar CoRE gano cewa wannan yanayin yana iya amfani da shi ta hanyar masu satar bayanai don samun dama tushen zuwa na'urar. Dan gwanin kwamfuta tare da samun dama tushen wata na'ura tana da damar isa garesu, wanda ya fi mai mallakar na'urar ko aikace-aikacen ɓangare na uku ƙarfi. Ta amfani da wannan raunin, cybercriminal zai iya samun dama da / ko gyaggyara kowane fayil a cikin tsarin aiki, wanda ba shi da kyan gani ko kaɗan.

Stagefright

Kungiyar CoRE ta sanar da Google kasancewar amfani kuma babban kamfanin nemo ya fara aiki a wani facin da yakamata su saka a cikin sabunta tsaro na gaba, amma basu sami isasshen lokacin gyara shi ba Zimperium, kungiyar tsaro da suka gano Stagefright, sun fadawa Google cewa amfani Ya riga ya kasance akan Nexus 5, yana zuwa ta hanyar aikace-aikace daga Play Store wanda yanzu aka toshe shi.

Google na iya toshe ayyukan da suke ƙoƙarin samun dama tushen ga na'urar, amma ba zaka iya fada tsawon lokacin da mummunan aikace-aikacen yake aiwatar da aikin sa ba. A cikin bayanin tsaro, Google ya ce “Google ya tabbatar da kasancewar aikace-aikacen samun tushen tushe a fili wanda yayi amfani da wannan yanayin rashin daidaito akan Nexus 5 da Nexus 6 don samar da gata mafi girma akan na'urar na'urar. Sunan mai amfani ".

Google ya rarraba wannan matsala tare da mataki na tsanani «M», amma aikace-aikacen da ake magana akan su ba a ɗauke shi da ƙeta ba. Bugu da ƙari, mahimmancin tsananin tasirin yana nufin cewa sauran masu fashin kwamfuta za su iya amfani da wannan amfani don yada malware.

Faci yana kan hanya

Google ya riga ya buga faci don gyara wannan matsalar tsaro a cikin Android Open Source Project (AOSP) don sigar 3.4, 3.10 da 3.14 na Android Kernel. Fassarori tare da Kernel 3.18 kuma mafi girma ba masu rauni bane ga wannan gazawar. Za a haɗa facin a cikin sabunta tsaro na watan Afrilu don na'urorin Nexus, wanda bushara ce ga masu amfani da suka mallaki Nexus, amma sauran masu amfani zasu jira kamfanin na su don fitar da nasu sabuntawa. Wanda zai iya ɗaukar kwanaki, makonni. ko watanni.

Yadda zaka kare kanka

Kamar yadda yake a cikin sauran lamura da yawa, hankali shine mafi kyaun riga-kafi. Mafi kyawun abin da za a yi shi ne koyaushe sauke aikace-aikace daga shagunan hukuma. Dangane da aikace-aikacen da aka zazzage daga Google Play, idan akwai aikace-aikace masu haɗari, Google da kansa ya toshe shi, don haka ba zai iya amfani da shi ba. amfani kuma za mu kasance cikakke lafiya. Idan dole ne mu girka aikace-aikace daga wajen Google Play, yakamata mu sami tabbacin app daga saitunan waya. Hakanan akwai zaɓi a kan wasu na'urori waɗanda ke bin tsarin don barazanar, wani abu da zai iya shafar aikin na'urar, amma zai iya zama mai ƙima.

Don sanin idan wata na'ura ta karɓi facin tsaro wanda ke gyara wannan matsalar, dole ne ka shigar da sashin tsaro na wayar. Idan karshe karshe yace Afrilu 1 ko daga baya, ba za a sami matsala ba. Idan ba haka ba, yi hankali da abinda kake yi.


Abubuwan da ke cikin labarin suna bin ka'idodinmu na ka'idojin edita. Don yin rahoton kuskure danna a nan.

Kasance na farko don yin sharhi

Bar tsokaci

Your email address ba za a buga.

*

*

  1. Mai alhakin bayanan: Miguel Ángel Gatón
  2. Dalilin bayanan: Gudanar da SPAM, gudanar da sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.