An sanar da waɗanda suka yi nasara a shekara ta Pwnie Awards 2020, wanda shahararren lamari ne, wanda mahalarta suka bayyana mafi mawuyacin rauni da nakasu a fagen tsaron kwamfuta.
Kyautar Pwnie sun yarda da kyau da rashin iya aiki a bangaren tsaron bayanai. Kwamitin ƙwararrun masana'antun masana'antun tsaro ne ke zaɓar waɗanda suka yi nasara bisa ga nade-naden da aka tattara daga ƙungiyar tsaro ta bayanai.
Ana gabatar da kyaututtuka a kowace shekara a Taron Tsaron Black Hat. Kyautar Pwnie ana daukarta a matsayin takwaran ta Oscars da Golden Raspberry Awards a tsaron kwamfuta.
Babban nasara
Kuskuren saba mafi kyau
An bayar da kyautar don ganowa da kuma amfani da mafi yawan rikitaccen kwaron fasaha kuma mai ban sha'awa a cikin sabis na hanyar sadarwa. An bayar da nasarar ta hanyar gano yanayin rauni na CVE-2020-10188, wanda ke ba da damar kai hare-hare nesa zuwa na'urorin da aka sanya su tare da firmware dangane da Fedora 31 ta hanyar adana ambaliya a cikin telnetd.
Mafi kyawun kwaro a cikin software na abokin ciniki
Wadanda suka yi nasara sune masu binciken wadanda suka gano raunin da ke cikin babbar manhajar Android ta Samsung, wanda ke ba da damar isa ga na'urar ta hanyar aika MMS ba tare da shigar da mai amfani ba.
Kyakkyawan haɓaka yanayin rauni
Nasara an bayar da lambar yabo ne don gano wani rauni a cikin kamfanonin Apple iPhones, iPads, Apple Watches da Apple TV Dogaro da kwakwalwan A5, A6, A7, A8, A9, A10 da A11, suna ba ku damar kaucewa yantad da firmware da tsara nauyin sauran tsarin aiki.
Mafi kyawun harin crypto
An bayar da kyauta don gano mahimmancin rauni a cikin tsarin gaske, ladabi, da kuma algorithms na ɓoyewa. An bayar da kyautar ne don gano raunin Zerologon (CVE-2020-1472) a cikin yarjejeniyar MS-NRPC da AES-CFB8 crypto algorithm, wanda ke ba maharin damar samun haƙƙin gudanarwa a kan Windows ko Samba mai kula da yankin.
Mafi yawan bincike na zamani
Ana ba da lambar yabo ga masu binciken da suka nuna cewa za a iya amfani da hare-haren RowHammer a kan kwakwalwar ƙwaƙwalwar DDR4 ta zamani don canza abubuwan da ke cikin kowane mutum na ƙarfin ƙwaƙwalwar bazuwar bazuwar (DRAM).
Amsar mafi ƙarancin mai ƙera (Amsar Mai Sayar Lamest)
An Nemi shi don Mafi Amsar da Bai dace ba ga Rahoton Rashin inarfi a Samfuran Ku. Wanda ya ci nasarar shi ne almara mai suna Daniel J. Bernstein, wanda shekaru 15 da suka gabata bai ɗauka da gaske ba kuma bai warware matsalar rashin lafiyar ba (CVE-2005-1513) a cikin qmail, tunda amfani da ita ya buƙaci tsarin 64-bit tare da fiye da 4GB na kamala ƙwaƙwalwar ajiya.
Tsawon shekaru 15, tsarin 64-bit akan sabobin sun maye gurbin tsarin 32-bit, adadin ƙwaƙwalwar da aka kawo ya karu sosai, kuma sakamakon haka, an ƙirƙiri amfani da aiki wanda za'a iya amfani dashi don afkawa tsarin tare da qmail a cikin saitunan tsoho.
Yawancin raunin rashin ƙarfi
An ba da lambar yabo ne saboda yanayin rauni (CVE-2019-0151, CVE-2019-0152) akan aikin Intel VTd / IOMMU, ba da damar ƙetare kariya ta ƙwaƙwalwar ajiya da aiwatar da lambar a Tsarin Gudanar da Tsarin (SMM) da matakan Amintaccen Fasahar Fasaha (TXT), misali, don maye gurbin rootkit a cikin SMM. Ofarancin matsalar ya zama ya zama mafi girma fiye da yadda ake tsammani, kuma yanayin rauni bai kasance da sauƙin gyarawa ba.
Yawancin kuskuren Epic FAIL
An ba da lambar yabo ga Microsoft don yanayin rauni (CVE-2020-0601) a cikin aiwatar da sa hannu na dijital wanda ke ba da damar ƙirƙirar maɓallan keɓaɓɓu bisa maɓallan jama'a. Batun ya ba da izinin ƙirƙirar takaddun TLS na jabun HTTPS da ƙirƙirar sa hannun dijital waɗanda Windows ta tabbatar da amintacciya.
Babban nasara
An ba da lambar yabo ne don gano jerin lahani (CVE-2019-5870, CVE-2019-5877, CVE-2019-10567) wanda ke ba da damar ƙetare duk matakan kariya na mai binciken Chromé da aiwatar da lambar a kan tsarin a bayan sandbox muhalli. An yi amfani da raunin ne don nuna kai hari nesa kan na'urorin Android don samun damar tushen.
A ƙarshe, idan kuna son ƙarin sani game da waɗanda aka zaɓa, za ku iya bincika bayanan A cikin mahaɗin mai zuwa.