Mva nje Kwakhutshwa iindaba zokuba ubuthathaka bachongiwe (I-CVE-2021-40823, i-CVE-2021-40824) kwizicelo ezininzi zabaxumi kwiqonga lonxibelelwano olunatyisiweyo IMatrix, evumela ukufumana ulwazi malunga nezitshixo ezisetyenziselwa ukudlulisa imiyalezo kwi-end-to-end encrypted (E2EE) iincoko.
Umhlaseli obeke esichengeni omnye wabasebenzisi ukusuka kwincoko iyakwazi ukususa ukuntsonkotha kwemiyalezo ethunyelwe ngaphambili kulo msebenzisi ukusuka kwizicelo zabaxumi abasesichengeni. Ukusebenza okuyimpumelelo kufuna ukufikelela kwi-akhawunti yomamkeli womyalezo kwaye ukufikelela kunokufunyanwa ngokuvuza kweeparamitha zeakhawunti okanye ngokugqekeza iseva yeMatrix apho umsebenzisi axhuma khona.
Kuyakhankanywa ukuba Ubuthathaka buyingozi kakhulu kubasebenzisi bamagumbi okuncokola afihliweyo apho iiseva zeMatrix ezilawulwa ngabahlaseli ziqhagamshelwe. Abalawuli beeseva ezinjalo banokuzama ukuzenza abasebenzisi bomncedisi ukuba bathintele imiyalezo ethunyelwe kwincoko evela kwizicelo zabathengi abasesichengeni.
Ukuba sesichengeni zibangelwa ziimpazamo zengqiqo ekuphunyezweni kwendlela yokunika ufikelelo kwakhona kwizitshixo izindululo kubathengi abohlukeneyo abachongiweyo. Ukuphunyezwa okusekwe kwi-matrix-ios-sdk, i-matrix-nio, kunye namathala eencwadi e-libolm akukho sichengeni sokuxhaphaza.
Ngokuhambelana Ubuthathaka buvela kuzo zonke izicelo eziboleke ikhowudi eyingxaki y Ayichaphazeli ngokuthe ngqo i-Matrix kunye ne-Olm/Megolm protocol.
Ngokukodwa, umba uchaphazela undoqo we-Element Matrix (owayefudula eyiRiot) umxhasi wewebhu, i-desktop, kunye ne-Android, kunye nee-apps zeqela lesithathu kunye neelayibrari, ezifana neFluffyChat, Nheko, Cinny, kunye neSchildiChat. Ingxaki ayibonakali kumthengi osemthethweni we-iOS, okanye kwi-Chatty, Hydrogen, mautrix, purple-matrix kunye nezicelo zeSiphon.
Iinguqulelo ezibhayiweyo zabaxumi abachaphazelekayo ziyafumaneka ngoku; Ke ngoko, sicela ukuba ihlaziywe ngokukhawuleza kwaye siyaxolisa ngale ngxaki. Ukuba awukwazi ukuhlaziya, cinga ngokugcina abathengi abasesichengeni ngaphandle kweintanethi de ube nako. Ukuba abathengi abasengozini abakho kwi-intanethi, abanakuqhathwa ukuba baveze izitshixo. Basenokubuyela kwi-intanethi ngokukhuselekileyo xa behlaziyiwe.
Ngelishwa, kunzima okanye akunakwenzeka ukuchonga kwakhona iimeko zolu hlaselo kunye namanqanaba asezantsi okugawulwa akhoyo kubo bobabini abathengi kunye neeseva. Nangona kunjalo, ekubeni uhlaselo lufuna ukuchasana kweakhawunti, abalawuli beseva yasekhaya banokufuna ukuphonononga iilogi zabo zokuqinisekisa ngazo naziphi na iimpawu zokufikelela okungafanelekanga.
Indlela yokutshintshiselana engundoqo, ekuphunyezweni kwayo ubuthathaka obufunyenweyo, ivumela umxhasi ongenazitshixo zokususa ukuntsonkotha komyalezo ukucela izitshixo kwisixhobo somthumeli okanye ezinye izixhobo.
Umzekelo, obu buchule buyimfuneko ukuze kuqinisekiswe ukukhutshelwa kwemiyalezo emidala kwisixhobo esitsha somsebenzisi okanye kwimeko apho umsebenzisi aphulukene nezitshixo ezikhoyo. Inkcazo yeprotocol ichaza ngokungagqibekanga ukuba ungaphenduli kwizicelo eziphambili kwaye uzithumele ngokuzenzekelayo kuphela kwizixhobo eziqinisekisiweyo zomsebenzisi ofanayo. Ngelishwa, ekuphunyezweni okubonakalayo, le mfuno ayizange ifikelelwe kwaye izicelo zokuthumela izitshixo ziye zaqwalaselwa ngaphandle kokuchongwa kwesixhobo esifanelekileyo.
Ubuthathaka buchongiwe ngexesha lophicotho lokhuseleko lomthengi we-Element. Okwangoku, izilungiso ziyafumaneka ngoku kubo bonke abathengi abanemiba. Abasebenzisi bayacetyiswa ukuba bafakele uhlaziyo ngokungxamisekileyo kwaye bakhuphe unxibelelwano nabathengi phambi kokufaka uhlaziyo.
Kwakungekho bungqina bokuxhaphazwa kobuthathaka phambi kokukhululwa kwepatch. Akunakwenzeka ukumisela inyani yohlaselo kusetyenziswa umxhasi oqhelekileyo kunye neelog zeseva, kodwa ekubeni uhlaselo lufuna ukuchaneka kweakhawunti, abalawuli banokuhlalutya ubukho bokungena okukrokrisayo besebenzisa iilogi zokuqinisekisa kwiiseva zabo, kwaye Abasebenzisi banokuvavanya uluhlu lwezixhobo ezidityaniswe nazo. i-akhawunti yabo yoqhagamshelo lwamva nje kunye notshintsho lwesimo sokuthembana.
Umthombo: https://matrix.org