UGoogle ufake ingxelo yokuba semngciphekweni wosuku lwe-zero ngo-2022

Darkcrizt

Imizuzu ye4

usuku olunguziro

Usuku lwe-Zero ligama elibanzi elichaza ubuthathaka bokhuseleko abangaziwayo kubasebenzisi kunye nomvelisi okanye umphuhlisi.

Kwiintsuku ezimbalwa ezidlulileyo iqela Ukhuseleko lukaGoogle lutyhiliwe ngeposti yebhlog, a ingxelo ngayo yonke ingqokelela kunyaka ophelileyo (2022) ezinxulumene ne 0 imini semngciphekweni apho uxhatshazo luvele ngaphambili ukuphuhlisa amabala yesoftware esemngciphekweni enxulumeneyo.

Kwingxelo yabo enikezelweyo, bakhankanya ukuba ngo-2022, iqela leProjekthi Zero lichonge ubuthathaka obungama-41 usuku olu-0 (i-40% ngaphantsi kwezo zifunyenwe ngo-2021) kwaye nangona ukwehla okuphawulekayo kwinani lobuthathaka, inani liyaqhubeka liphezulu kunomyinge weminyaka emi-6 yangaphambili.

Olu luphononongo lwesine lukaGoogle lonyaka lweentsuku eziyi-0 ezixhatshaziweyo endle [2021, 2020, 2019] kwaye yakhela kuphononongo lwaphakathi konyaka ka-2022. Injongo yale ngxelo ayikokwenza iinkcukacha ngokuxhaphazwa komntu ngamnye, kodwa kunoko kuhlalutya ukuxhaphaza unyaka uphela, ujonge iindlela, izikhewu, izifundo ezifundiweyo kunye nempumelelo.

0 usuku

Igrafu yenani lobuthathaka beentsuku zero zeminyaka edlulileyo

Kuyakhankanywa ukuba ukuvela kwenani elikhulu lobuthathaka beentsuku zero kunokwenziwa lula yimiba njengemfuneko eqhubekayo yokuba abahlaseli basebenzise ukuxhaphaza ukwenza uhlaselo kunye iindlela ezilula zokufumana ubuthathaka obunjalo, ukongeza kwinto yokuba ukwanda kwesantya sokusetyenziswa kweepatches kwenza kube yimfuneko ukujonga ubuthathaka bolu hlobo endaweni yokusebenzisa iingxaki esele zaziwa. Oku kukwayinto, njengoko ukupeyishwa okulambathayo kuvumela ababhali abaxhaphazayo ukuba bafumane iivektha zohlaselo ezintsha zobuthathaka obaziwayo.

Umzekelo, ngaphezulu kwe-40% (i-17 yama-41) yezenzo ze-zero-day ezichongiweyo ngo-2022 zazinxulumene nokuba semngciphekweni okwenziwa ngaphambili kwaza kwachazwa esidlangalaleni. Ithuba elinjalo livela ngenxa yokungonelanga okupheleleyo okanye ukulungiswa komgangatho ophantsi wobuthathaka - abaphuhlisi beenkqubo ezisengozini bahlala belungisa kuphela imeko ekhethekileyo okanye badale nje ukubonakala kokulungiswa ngaphandle kokufumana ingcambu yengxaki. Ubuthathaka obunjalo beentsuku zero bebunokuthintelwa ngophando olongezelelweyo kunye nokulungiswa kobuthathaka.

Ukuncipha kwenani lobuthathaka 0 usuku xa kuthelekiswa no-2021 kunokuchazwa sisibakala sokuba kufuneka ixesha elingakumbi, ulwazi nemali ukudala ukuxhaphaza, inani lobuthathaka obusebenzisekayo liyancipha ngenxa yokusetyenziswa okusebenzayo kweendlela zokukhusela, kwi-exploit nganye, iindlela ezintsha zokusebenza zihlala ziphuhliswa.

Ukwehla kobuthathaka beentsuku ezi-0 kusenokuba kungenxa yokusetyenziswa kweendlela ezilula zohlaselo ezinje ngobuqhetseba kunye nosasazo lwe-malware. Isenokuthi ichatshazelwe kukukwazi ukugqitha imisebenzi yobuthathaka obaziwayo ngenxa yabasebenzisi abalibazisa usetyenziso lolungiso.

Ingxelo iqukumbela ngelithi I-explots ye-N-day patched thnessabilities kwi-Android ayisebenzi ngaphantsi kobuthathaka beentsuku eziyi-0 ngenxa yokulibaziseka kwababoneleli ekuveliseni uhlaziyo. Umzekelo, nokuba uGoogle ulungisa ngokukhawuleza ubuthathaka kwiqonga elingundoqo le-Android, ukulungiswa kobu buthathaka kunokungafumaneki kubasebenzisi abaninzi kude kube ziinyanga kamva, njengoko abavelisi besixhobo sokugqibela bahlala becotha ukulungisa izibuko kuhlaziyo lwakho lwe-firmware.

Umzekelo ngumngcipheko we-CVE-2022-3038 ochongiweyo kwi-injini ye-Chrome 105 kwaye ilungiswe ngoJuni 2022. Lo mngcipheko wahlala ungabhalwanga ixesha elide kwiiphequluli ezithile ezivela kubathengisi abafana ne-Samsung Internet. NgoDisemba ka-2022, iinyani zokuhlaselwa kwabasebenzisi be-Samsung abasebenzisa i-exploit kobu sesichengeni zabhengezwa (ngoDisemba, inguqulelo yangoku ye-Intanethi ye-Intanethi ye-Samsung yaqhubeka isebenzisa i-injini yeChromium 102, ekhutshwe ngoMeyi ka-2022).

Kwangelo xesha, kubaphequluli, kukho kwakhona utshintsho kwizinto ezinomdla kubabhali abaxhaphazayo ukusebenzela u-0-unqakrazo lokuxhaphaza ngaphezulu kokucofa oku-1. 0-cofa ubhekisa kubuthathaka obungafuni ntshukumo yabasebenzisi, ngokuqhelekileyo ichaphazela amalungu ngaphandle kwekhowudi yesikhangeli ngokwayo.

Kuxelwe ukuba ukucofa oku-0 kunzima ukubhaqa ngenxa yokuba:

  • baphila ixesha elifutshane
  • Ngokuqhelekileyo abanalo isalathisi esibonakalayo sobukho babo.
  • Ungajolisa kumacandelo amaninzi ahlukeneyo kwaye ababoneleli abasoloko bewaqonda onke amacandelo anokufikelelwa ukude
  • Inikezelwe ngokuthe ngqo kwindawo ekujoliswe kuyo endaweni yokuba ifumaneke ngokubanzi njengohlaselo lomkhombe
  • Amaxesha amaninzi ayibanjwa kwiwebhusayithi enokupheqululwa okanye iseva

Ngelixa ngokucofa oku-1, kukho ikhonkco elibonakalayo ekufuneka ithagethi licofe ukuhambisa i-exploit. Oku kuthetha ukuba ekujoliswe kuyo okanye izixhobo zokhuseleko ziyakwazi ukubona ikhonkco. I-exploits ke ibanjwe kumncedisi onokukhangelwa kwikhonkco.

ekugqibeleni ukuba ukhona unomdla wokwazi ngakumbi ngayo, ungazijonga iinkcukacha kwi ukulandela ikhonkco.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.