The winners of the Pwnie Awards 2020 have been announced. At this prominent event, participants highlight the most significant vulnerabilities and the most absurd failures in the field of computer security.
The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community.
The awards are presented annually at the Black Hat Security Conference. The Pwnie Awards are regarded as the counterpart of the Oscars and the Golden Raspberry Awards in computer security.
Top winners
Best server-side bug
Awarded for identifying and exploiting the most complex and interesting network bug. The win was given for identifying the vulnerability CVE-2020-10188, which allows remote attacks on devices with firmware based on Fedora 31 through a buffer overflow in telnetd.
Best bug in client software
The winners are the researchers who identified a vulnerability in Samsung's Android firmware that allows access to a device by sending an MMS, without any user interaction.
Best privilege escalation vulnerability
The win was awarded for identifying a vulnerability in the bootrom of Apple iPhones, iPads, Apple Watches and Apple TV based on A5, A6, A7, A8, A9, A10 and A11 chips, which allows the firmware to be jailbroken and other operating systems to be loaded.
Best cryptographic attack
Awarded for identifying the most significant flaws in real-world systems, protocols and encryption algorithms. The prize was given for identifying the Zerologon vulnerability (CVE-2020-1472) in the MS-NRPC protocol and the AES-CFB8 crypto algorithm, which allows an attacker to obtain administrator rights on a Windows or Samba domain controller.
Most innovative research
The prize was awarded to the researchers who showed that RowHammer attacks can be used against modern DDR4 memory chips to alter the contents of individual bits of dynamic random access memory (DRAM).
Lamest manufacturer response (Lamest Vendor Response)
Nominated for the most inadequate response to a report of a vulnerability in one's own product. The winner is the legendary Daniel J. Bernstein, who 15 years ago did not consider a vulnerability in qmail (CVE-2005-1513) serious and did not fix it, because exploiting it required a 64-bit system with more than 4 GB of virtual memory.
Over those 15 years, 64-bit systems displaced 32-bit systems on servers, the amount of available memory grew dramatically, and as a result a working exploit was created that can be used to attack systems running qmail in its default configuration.
Most underrated vulnerability
The prize was awarded for vulnerabilities (CVE-2019-0151, CVE-2019-0152) in the Intel VT-d/IOMMU mechanism. They make it possible to bypass memory protection and execute code at the System Management Mode (SMM) and Trusted Execution Technology (TXT) levels, for example to install rootkits in SMM. The severity of the problem turned out to be much greater than expected, and the vulnerability was not easy to fix.
Most epic FAIL
This prize was awarded to Microsoft for a vulnerability (CVE-2020-0601) in the implementation of elliptic curve digital signatures that allows private keys to be generated based on public keys. The problem allowed the creation of forged TLS certificates for HTTPS and fake digital signatures that Windows verified as trustworthy.
Greatest achievement
The prize was awarded for identifying a chain of vulnerabilities (CVE-2019-5870, CVE-2019-5877, CVE-2019-10567) that allows all levels of protection in the Chrome browser to be bypassed and code to be executed on the system outside the sandbox environment. The vulnerabilities were used to demonstrate a remote attack on Android devices to gain root access.
Finally, if you want to know more about the nominees, you can check the details at the following link.