NgoNovemba odlule, kwatholakala iphutha elikhulu lezokuphepha ku-chip yezithombe zaseMali, ezithinta izigidi zama-smartphones e-Samsung asebenzisa ama-chipset e-Exynos. Kusukela lapho, ukuba sengozini sekuyingxenye yeketango izigebengu eziye zaxhashazwa ngempumelelo ukuze ziholele abasebenzisi besiphequluli se-inthanethi be-Samsung abangaqaphile kumawebhusayithi anonya. Futhi ngenkathi lelo ketango linqanyuliwe, iphutha lezokuphepha eMali liyaqhubeka nokuthinta cishe zonke izisetshenziswa Galaxy nge-Exynos, ngaphandle kochungechunge Galaxy I-S22, esebenzisa i-Xclipse 920 GPU.
Iqembu le-Google's Threat Analysis Group (TAG), ithimba elihlaziya usongo lwe-cyber, lithole lolu chungechunge lwezenzo eziqondiswe kwiziphequluli ze-Chrome ne-Samsung. izolo. Wayithola ezinyangeni ezintathu ezedlule.
Igalari yezithombe
Ngokucacile, i-Chrome ithintwa ubungozi obubili kulolu chungechunge. Futhi njengoba isiphequluli se-Samsung sisebenzisa injini ye-Chromium, isetshenziswe njenge-vector yokuhlasela ngokuhambisana nokuba sengozini komshayeli we-kernel ye-Mali GPU. Lokhu kuxhaphaza kunikeza abahlaseli ukufinyelela kusistimu.
Ngalolu chungechunge lwezenzo zokuxhaphaza, abaduni bangasebenzisa imilayezo ye-SMS kudivayisi Galaxy etholakala e-United Arab Emirates ukuthumela izixhumanisi zesikhathi esisodwa. Lezi zixhumanisi zizoqondisa kabusha abasebenzisi abangaqaphile ekhasini elizohlinzeka “ngesuite yenhloli esebenza ngokugcwele Android ebhalwe nge-C++ efaka phakathi imitapo yolwazi yokususa ukubethela nokuthwebula idatha evela kuzinhlelo zokusebenza ezihlukahlukene zengxoxo neziphequluli".
Siyini isimo samanje? I-Google ikhiphe lezi zingozi ezimbili ezishiwo kumafoni wePixel ekuqaleni konyaka. AbakwaSamsung bapeshe isiphequluli sabo se-inthanethi ngoDisemba odlule, bephula uchungechunge lwemisebenzi yabo ngokusebenzisa uhlelo lwayo lwe-inthanethi olusekelwe ku-Chromium kanye nokuba sengozini kwe-kernel yase-Mali, nokuhlasela kwabasebenzisi e-United Arab Emirates kubonakala kumile. Nokho, kusasele inkinga eyodwa esobala.
Ungaba nentshisekelo ku
Ngenkathi uchungechunge lokuxhashazwa okuningiliziwe yithimba le-TAG lulungiswe yizibuyekezo zesiphequluli sangoDisemba zakwaSamsung, isixhumanisi esisodwa kuchungechunge, esibandakanya iphutha elibi kakhulu lezokuphepha eMali (CVE-2022-22706), sihlala singafakiwe kumadivayisi e-Samsung ane-Exynos chipsets kanye I-Mali GPUs. Futhi lokhu naphezu kweqiniso lokuthi umenzi we-chip wase-Mali i-ARM Holdings isivele isikhiphe ukulungisa lesi siphazamisi ngoJanuwari wonyaka odlule.
Kuze kube yilapho i-Samsung ilungisa le nkinga, amadivayisi amaningi Galaxy nge-Exynos, isazoba sengozini yokuhlukunyezwa komshayeli we-kernel yaseMali. Ngakho-ke singathemba ukuthi i-Samsung izokhipha isiqeshana esifanele ngokushesha okukhulu (kuphakanyiswa ukuthi ingaba yingxenye yesibuyekezo sezokuphepha sango-Ephreli).
Ngakho-ke lapho ngibona lezo zihloko zikopishwe ku-Sammobile futhi zihunyushwa kuphela, akudingekile nokuza lapha.