If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.
News recently broke that a vulnerability was identified in Android (CVE-2022-20465) that allows the screen lock to be disabled by swapping the SIM card and entering the PUK code.
The problem is caused by incorrect unlock processing after a PUK (Personal Unblocking Key) code is entered. The PUK code is used to reactivate a SIM card that was blocked after incorrect PIN entries.
To disable the screen lock, all you need to do is insert your own SIM card, which has PIN-based protection, into the phone. After the PIN-protected SIM card is swapped in, a PIN code prompt is shown on the screen first. If the PIN code is entered incorrectly three times, the SIM card is blocked, and you are then given the opportunity to enter the PUK code to unblock it.
It turned out that entering the PUK code correctly not only unblocks the SIM card, but also leads to a transition to the main interface, bypassing the screen lock, without confirming access with the master password or pattern.
The vulnerability is due to an error in the PUK code verification logic in the KeyguardSimPukViewController controller, which takes care of displaying the additional authentication screen. Android uses several types of authentication screens (for PIN, PUK, password, pattern, biometric authentication), and these screens are invoked one after another when multiple verifications are required, such as when both a PIN and a pattern are requested.
If the PIN code is entered correctly, the second verification stage is triggered, which requires entering the master unlock code. When the PUK code is entered, however, this stage is skipped and access is granted without asking for the master password or pattern.
The next unlock stage is discarded because, when KeyguardSecurityContainerController#dismiss() is called, the expected verification method and the one that was passed are not compared. That is, the handler assumes that the verification method has not changed and that completion of the PUK code check indicates a successful confirmation of authority.
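The missing comparison described above can be shown with a small model. This is an added example, not AOSP code and not from the original write-up: the class, enum and method names are hypothetical, and the model assumes that the container has already switched from the PUK screen to the password screen by the time the PUK controller reports success.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;

// Simplified, hypothetical model of a lock-screen container that shows
// its security screens one after another. Not the real Keyguard classes.
public class KeyguardModel {
    enum Mode { SIM_PUK, PASSWORD, NONE }

    private final Deque<Mode> pending = new ArrayDeque<>();
    private final boolean checkExpectedMode;

    KeyguardModel(boolean checkExpectedMode, List<Mode> screens) {
        this.checkExpectedMode = checkExpectedMode;
        pending.addAll(screens);
    }

    Mode current() { return pending.isEmpty() ? Mode.NONE : pending.peekFirst(); }

    boolean unlocked() { return pending.isEmpty(); }

    // SIM state change handled elsewhere: the PUK screen is replaced by the next one.
    void onSimUnblocked() {
        if (current() == Mode.SIM_PUK) pending.removeFirst();
    }

    // Called by a screen's controller once its own check has succeeded.
    // Returns true if a screen was dismissed.
    boolean dismiss(Mode expected) {
        if (checkExpectedMode && expected != current()) {
            return false; // stale request from a screen that is no longer showing
        }
        // Without the comparison, whatever screen is showing now gets dismissed.
        if (!pending.isEmpty()) pending.removeFirst();
        return true;
    }

    // Replays the sequence: PUK accepted, container moves on, PUK controller calls dismiss.
    static boolean run(boolean checkExpectedMode) {
        KeyguardModel k = new KeyguardModel(checkExpectedMode,
                List.of(Mode.SIM_PUK, Mode.PASSWORD));
        k.onSimUnblocked();       // container now shows PASSWORD
        k.dismiss(Mode.SIM_PUK);  // late success report from the PUK screen
        return k.unlocked();
    }

    public static void main(String[] args) {
        System.out.println("no comparison, unlocked:   " + run(false));
        System.out.println("with comparison, unlocked: " + run(true));
    }
}
```

In the model, passing the mode the caller believes it is dismissing and rejecting a mismatch is what keeps the password screen in place.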
The vulnerability was discovered by accident: the user's phone ran out of battery, and after charging it and turning it on, he entered the PIN code incorrectly several times, then unblocked the SIM with the PUK code and was surprised that the system did not ask for the master password used to decrypt the data, after which the message "Pixel is starting..." appeared.
The user turned out to be meticulous, decided to find out what was going on, and began experimenting with entering the PIN and PUK codes in different ways, until he accidentally forgot to restart the device after swapping the SIM card and got access to the environment instead of a freeze.
Of particular interest is Google's response to the vulnerability report. Information about the problem was sent in June, but it was not until September that the researcher was able to get a clear answer. He considered that this behavior was due to the fact that he was not the first to report this bug.
Suspicions that something was wrong arose in September, when the problem remained unfixed after a firmware update was released 90 days later, once the stated non-disclosure period had already expired.
Since all attempts to find out the status of the submitted problem report led only to templated, automated replies, the researcher tried to contact Google employees personally to clarify the situation with the preparation of a fix, and even demonstrated the vulnerability at Google's London office.
Only after that did the work on eliminating the vulnerability move forward. During the analysis it turned out that someone had already reported the problem earlier, but Google decided to make an exception and pay a reward for the repeated report, since it was only thanks to the persistence of its author that the problem was noticed.
The ability to disable the lock has been demonstrated on Google Pixel devices, but since the fix affects the core Android codebase, it is likely that the issue affects third-party firmware as well. The issue was addressed in the November Android security patch set. The researcher who brought the issue to attention received a reward of 70,000 dollars from Google.
Source: https://bugs.xdavidhu.me