Ua ʻike ka mea noiʻi palekana ʻo Northwestern University a me ka haumāna PhD ʻo Zhenpeng Lin i kahi nāwaliwali koʻikoʻi e pili ana i ka kernel ma androidnā mea like me ka Pixel 6 series a i ʻole Galaxy S22. ʻAʻole i hoʻokuʻu ʻia nā kikoʻī kikoʻī o ka hana ʻana o kēia nāwaliwali no nā kumu palekana, akā ʻōlelo ka mea noiʻi hiki iā ia ke ʻae i ka heluhelu a me ke kākau ʻana, ka piʻi ʻana o ka pono, a me ka pale ʻana i ka palekana o ka hiʻona palekana SELinux o Linux.
Photogallery
Ua hoʻopuka ʻo Zhenpeng Lin i kahi wikiō ma Twitter e hōʻike ana pehea i hiki ai i ka nāwaliwali o ka Pixel 6 Pro ke loaʻa ke aʻa a hoʻopau iā SELinux. Me ia mau mea hana, hiki i ka mea hacker ke hana i ka nui o ka poino i kahi mea i hoʻopili ʻia.
ʻO ka Google Pixel 6 hou loa i hoʻopaʻa ʻia me kahi lā 0 i loko o ka kernel! Loaʻa i ka heluhelu a kākau ʻana no ka hoʻonui ʻana i ka pono a hoʻopau iā SELinux me ka ʻole o ka hijacking control flow. Hoʻopilikia ka bug i ka Pixel 6 Pro, ʻaʻole pili nā Pixels ʻē aʻe 🙂 pic.twitter.com/UsOI3ZbN3L
— Zhenpeng Lin (@Markak_) Lulai 5, 2022
Wahi a kekahi mau kikoʻī i hōʻike ʻia ma ka wikiō, hiki i kēia hoʻouka ke hoʻohana i kekahi ʻano o ka hoʻohana ʻana i ka hoʻomanaʻo ʻana i ka hana ʻino, e like paha me ka nāwaliwali o Dirty Pipe i ʻike ʻia i hoʻopilikia ʻia. Galaxy S22, Pixel 6 a me nā mea ʻē aʻe androidova nā mea i hoʻokuʻu ʻia me ka Linux kernel version 5.8 ma Androidu 12. Ua ʻōlelo pū ʻo Lin e pili ana ka vulnerability hou i nā kelepona āpau e holo ana i ka Linux kernel version 5.10, e komo pū ana me ka pūʻulu hae nui o Samsung i ʻōlelo ʻia.
Hiki paha iā ʻoe ke hoihoi
I ka makahiki i hala aku nei, ua uku ʻo Google i $8,7 miliona (ma kahi o CZK 211,7 miliona) i nā uku no ka ʻike ʻana i nā pōpoki i kāna ʻōnaehana, a ke hāʻawi nei i kēia manawa a hiki i $ 250 (ma kahi o CZK 6,1 miliona) no ka loaʻa ʻana o nā nāwaliwali ma ka pae kernel, ʻo ia ka mea ʻo ia ka hihia. . ʻAʻole ʻo Google a me Samsung i ʻōlelo i kēia mea, no laila ʻaʻole maopopo i kēia manawa i ka wā e hoʻohana ʻia ai ka Linux kernel hou. Eia nō naʻe, ma muli o ke ʻano o ka hana ʻana o nā pale palekana a Google, ʻaʻole hiki ke hōʻea i ka patch kūpono a hiki i Kepakemapa. No laila, ʻaʻohe o mākou koho akā e kali.
