These are the winners of the 2020 Pwnie Awards

The winners of the annual Pwnie Awards 2020 have been announced. It is a well-known event in which participants highlight the most significant vulnerabilities and the most absurd blunders in the field of computer security.

The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community.

The awards are presented every year at the Black Hat Security Conference. The Pwnie Awards are regarded as the counterpart of the Oscars and the Golden Raspberry Awards in computer security.

Top winners

Best server bug

Awarded for identifying and exploiting the most technically complex and interesting bug in a network service. The win went to the identification of vulnerability CVE-2020-10188, which allows a remote attack on embedded devices with firmware based on Fedora 31 through a buffer overflow in telnetd.

Best bug in client software

The winners were the researchers who found a vulnerability in Samsung Android firmware that allows access to the device by sending an MMS, without user interaction.

Best privilege escalation vulnerability

The win was awarded for identifying a vulnerability in the bootrom of Apple iPhones, iPads, Apple Watches and Apple TV based on A5, A6, A7, A8, A9, A10 and A11 chips, which makes it possible to jailbreak the firmware and to boot other operating systems.

Best crypto attack

Awarded for identifying the most significant weaknesses in real systems, protocols, and encryption algorithms. The award was given for identifying the Zerologon vulnerability (CVE-2020-1472) in the MS-NRPC protocol and the AES-CFB8 crypto algorithm, which allows an attacker to gain administrator rights on a Windows or Samba domain controller.

Most innovative research

This award goes to the researchers who showed that RowHammer attacks can be used against current DDR4 memory chips to alter the contents of individual bits of dynamic random access memory (DRAM).

Lamest Vendor Response

Nominated for the most inadequate response to a vulnerability report in one's own product. The winner is the legendary Daniel J. Bernstein, who 15 years ago did not consider it serious and did not fix the vulnerability (CVE-2005-1513) in qmail, because exploiting it required a 64-bit system with more than 64GB of virtual memory.

Over those 15 years, 64-bit systems replaced 32-bit systems on servers, the amount of memory supplied increased dramatically, and as a result a working exploit was created that can be used to attack systems running qmail in default configurations.

Most underestimated vulnerability

The award was given for the vulnerabilities (CVE-2019-0151, CVE-2019-0152) in the Intel VTd / IOMMU mechanism, which allow bypassing memory protection and executing code at the System Management Mode (SMM) and Trusted Execution Technology (TXT) levels, for example to install a rootkit in SMM. The severity of the problem turned out to be much greater than expected, and the vulnerability was not easy to fix.

Most Epic FAIL

This award was given to Microsoft for the vulnerability (CVE-2020-0601) in the implementation of elliptic curve digital signatures, which allows private keys to be generated based on public keys. The issue made it possible to create forged TLS certificates for HTTPS and to produce fake digital signatures that Windows verified as trusted.

Greatest achievement

This award was given for identifying a series of vulnerabilities (CVE-2019-5870, CVE-2019-5877, CVE-2019-10567) that allow bypassing all protection levels of the Chrome browser and executing code on the system outside the sandbox environment. The vulnerabilities were used to demonstrate a remote attack on Apple devices to gain root access.

Finally, if you want to know more about the nominees, you can check the details at the following link.

