{"id":3856,"date":"2023-01-18T13:34:46","date_gmt":"2023-01-18T12:34:46","guid":{"rendered":"http:\/\/pclos.janu.hu\/?p=3856"},"modified":"2023-01-18T15:19:38","modified_gmt":"2023-01-18T14:19:38","slug":"android-kritikus-sebezhetoseg-a-kernelben","status":"publish","type":"post","link":"http:\/\/pclos.janu.hu\/?p=3856","title":{"rendered":"Android sebezhet\u0151s\u00e9gek jav\u00edt\u00e1sa"},"content":{"rendered":"<p><strong>Linux-Magazin Online<\/strong> 2023. janu\u00e1r 18.<\/p>\n<h2>Android: Kritikus sebezhet\u0151s\u00e9g a kernelben<\/h2>\n<p><strong><span style=\"color: #0000ff;\">Mark Vogelsberger<\/span><\/strong><br \/>\n2023. janu\u00e1r 8.<\/p>\n<p style=\"text-align: justify; margin-bottom: 2px;\">Az Android \u201ePatchday\u201d r\u00e9szek\u00e9nt a Google sz\u00e1mos biztons\u00e1gi r\u00e9st z\u00e1rt be az Android rendszerben. Egy t\u00e1voli t\u00e1mad\u00f3 ezeket a biztons\u00e1gi r\u00e9seket arra haszn\u00e1lhatja, hogy magasabb szint\u0171 jogosults\u00e1gokat szerezzen Android-eszk\u00f6z\u00f6k\u00f6n.A t\u00e1mad\u00f3 k\u00f6zvetlen\u00fcl is kernel-szint\u0171 t\u00e1mad\u00e1st ind\u00edthat.<\/p>\n<p style=\"text-align: justify; margin-bottom: 2px; margin-top: 5px;\">Szok\u00e1s szerint a <strong>Google<\/strong> nem k\u00f6z\u00f6lt r\u00e9szleteket a biztons\u00e1gi sziv\u00e1rg\u00e1sokr\u00f3l. A <strong>Google<\/strong> azonban \u201emagasnak\u201d min\u0151s\u00edtette az Android keretrendszer sebezhet\u0151s\u00e9g\u00e9t, mivel lehet\u0151v\u00e9 teszik a t\u00e1mad\u00f3 sz\u00e1m\u00e1ra, hogy k\u00f3dot hajtson v\u00e9gre. A t\u00e1mad\u00f3nak nincs sz\u00fcks\u00e9ge k\u00fcl\u00f6nleges enged\u00e9lyekre a rendszer biztons\u00e1gi r\u00e9s\u00e9nek kihaszn\u00e1l\u00e1s\u00e1hoz. A kernel sebezhet\u0151s\u00e9g\u00e9t a <strong>Google<\/strong> \u201ekritikusnak\u201d min\u0151s\u00edtette. Ezek p\u00e9ld\u00e1ul az Android rendszer WLAN-komponens\u00e9re vonatkoznak, \u00edgy a t\u00e1mad\u00f3 b\u00e1rmilyen rosszindulat\u00fa k\u00f3dot futtathat a rendszeren.<\/p>\n<p style=\"text-align: justify; margin-bottom: 2px; margin-top: 5px;\">A legt\u00f6bb jav\u00edtott sebezhet\u0151s\u00e9g az Android 10, 11, 12, 12L \u00e9s 13 verzi\u00f3it \u00e9rinti.<\/p>\n<h2><\/h2>\n<h2>Android: T\u00e1mad\u00e1s Blootooth-on kereszt\u00fcl<\/h2>\n<p><strong><span style=\"color: #0000ff;\">Mark Vogelsberger<\/span><\/strong><br \/>\n2022. december 12.<\/p>\n<p style=\"text-align: justify; margin-bottom: 2px;\">A \u201ePatchday\u201d r\u00e9szek\u00e9nt az Android nemr\u00e9g lez\u00e1rt egy kritikus biztons\u00e1gi r\u00e9st, ami lehet\u0151v\u00e9 tette a t\u00e1voli t\u00e1mad\u00f3 sz\u00e1m\u00e1ra, hogy egy\u00e9ni k\u00f3dot futtasson egy Android-eszk\u00f6z\u00f6n Bluetooth-on kereszt\u00fcl. A t\u00e1mad\u00f3nak nem volt sz\u00fcks\u00e9ge tov\u00e1bbi jogokra. A <strong>Google<\/strong> nem adott pontos inform\u00e1ci\u00f3t arra vonatkoz\u00f3an, hogy mi okozta a sebezhet\u0151s\u00e9get.<\/p>\n<p style=\"text-align: justify; margin-bottom: 2px; margin-top: 5px;\">A probl\u00e9ma mellett m\u00e1s, n\u00e9h\u00e1ny kritikus s\u00e9r\u00fcl\u00e9kenys\u00e9get is kijav\u00edtottak. T\u00f6bbek k\u00f6z\u00f6tt ezek a t\u00e1voli k\u00f3dfuttat\u00e1st lehet\u0151v\u00e9 t\u00e9v\u0151 biztons\u00e1gi r\u00e9sek voltak (CVE-2022-20472, CVE-2022-20473, 20411), amelyeket a t\u00e1voli t\u00e1mad\u00f3k kihaszn\u00e1lhattak volna.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux-Magazin Online 2023. janu\u00e1r 18. Android: Kritikus sebezhet\u0151s\u00e9g a kernelben Mark Vogelsberger 2023. janu\u00e1r 8. Az Android \u201ePatchday\u201d r\u00e9szek\u00e9nt a Google sz\u00e1mos biztons\u00e1gi r\u00e9st z\u00e1rt be az Android rendszerben. Egy t\u00e1voli t\u00e1mad\u00f3 ezeket a biztons\u00e1gi r\u00e9seket arra haszn\u00e1lhatja, hogy magasabb &hellip; <a href=\"http:\/\/pclos.janu.hu\/?p=3856\">Egy kattint\u00e1s ide a folytat\u00e1shoz&#8230;. <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[389,151],"class_list":["post-3856","post","type-post","status-publish","format-standard","hentry","category-egyeb-irasok","tag-389","tag-android"],"_links":{"self":[{"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=\/wp\/v2\/posts\/3856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3856"}],"version-history":[{"count":3,"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=\/wp\/v2\/posts\/3856\/revisions"}],"predecessor-version":[{"id":3860,"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=\/wp\/v2\/posts\/3856\/revisions\/3860"}],"wp:attachment":[{"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3856"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pclos.janu.hu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}