A watan Nuwamban da ya gabata, an gano wata babbar matsala ta tsaro a cikin na'urar zane-zane na Mali, wanda ya shafi miliyoyin wayoyin Samsung masu amfani da kwakwalwan kwamfuta na Exynos. Tun daga wannan lokacin, raunin ya zama wani ɓangare na sarkar da masu kutse suka yi nasarar amfani da su don jagorantar masu amfani da Intanet na Samsung marasa tunani zuwa shafukan yanar gizo masu lalata. Kuma yayin da aka karya wannan sarkar, matsalar tsaro a Mali na ci gaba da shafar kusan kowace na'ura Galaxy tare da Exynos, sai dai jerin Galaxy S22, wanda ke amfani da Xclipse 920 GPU.
Google's Threat Analysis Group (TAG), ƙungiyar nazarin barazanar yanar gizo, ta gano wannan jerin abubuwan amfani da Chrome da Samsung browser. jiya. Ya gano hakan watanni uku da suka wuce.
Gidan hoton hoto
Musamman, Chrome yana shafar lahani biyu a cikin wannan sarkar. Kuma tunda mai binciken Samsung yana amfani da injin Chromium, an yi amfani da shi azaman harin kai hari tare da raunin direban kwaya na Mali GPU. Wannan amfani yana ba maharan damar shiga tsarin.
Ta hanyar wannan jerin abubuwan amfani, masu kutse za su iya amfani da saƙonnin SMS akan na'urar Galaxy dake cikin Hadaddiyar Daular Larabawa don aika hanyoyin sadarwa na lokaci daya. Waɗannan hanyoyin haɗin za su tura masu amfani da ba su ji ba gani zuwa shafi wanda zai samar da “cikakken aikin kayan leƙen asiri suite don Android wanda aka rubuta a cikin C++ wanda ya haɗa da dakunan karatu don ɓata bayanai da ɗaukar bayanai daga aikace-aikacen taɗi daban-daban da masu bincike".
Menene halin yanzu? Google ya daidaita waɗannan raunin biyu da aka ambata akan wayoyin Pixel a farkon wannan shekara. Kamfanin Samsung ya fake mashigin yanar gizo a watan Disambar da ya gabata, inda ya karya jerin abubuwan da ake amfani da shi ta hanyar amfani da aikace-aikacen Intanet na Chromium da kuma raunin kwaya a Mali, kuma da alama ya daina kai hare-hare kan masu amfani da shi a Hadaddiyar Daular Larabawa. Duk da haka, matsala ɗaya mai haske ta kasance.
Kuna iya sha'awar
Yayin da jerin abubuwan amfani da ƙungiyar ta TAG suka daidaita ta sabuntawar burauzar Samsung na Disamba, hanyar haɗi ɗaya a cikin sarkar, wacce ta ƙunshi babban lahani na tsaro a Mali (CVE-2022-22706), ta kasance ba a buɗe akan na'urorin Samsung tare da chipsets Exynos Mali GPUs. Kuma wannan duk da cewa kamfanin kera guntu na Mali ARM Holdings ya riga ya fitar da gyara ga wannan kwaro a watan Janairun bara.
Har sai Samsung ya gyara wannan batu, yawancin na'urori Galaxy tare da Exynos, har yanzu zai kasance cikin haɗari ga cin zarafin direban kwaya na Mali. Don haka muna iya fatan Samsung zai saki facin da ya dace da wuri-wuri (ana ba da shawarar cewa yana iya zama wani ɓangare na sabunta tsaro na Afrilu).
Don haka lokacin da na ga waɗannan labaran an kwafi daga Sammobile kuma an fassara su kawai, ba ma sai na zo nan ba.