谷歌安全团队在DEF CON 32安全会议上揭露了高通Adreno GPU驱动程序中的多个严重漏洞,这些漏洞允许攻击者完全控制受影响的设备。谷歌Android安全红队经理Xuan Xing表示,由于这些漏洞的存在,即使是在庞大的安卓生态系统内,他们的工作范围也有限,因此必须专注于那些会产生最大影响的领域。Adreno GPU驱动程序在系统内核中拥有深层权限,而Android手机上的应用程序可以直接与高通Adreno GPU驱动通信,不存在沙箱和额外权限检查,这使得攻击者能够利用这些漏洞接管设备。高通发言人确认,高通已于2024年5月向OEM厂商提供了相关的漏洞补丁,并鼓励终端用户从设备制造商处获取并应用这些补丁。这再次提醒了用户对于安全漏洞的重视,以及及时更新系统和软件的重要性,以防止潜在的安全威胁。
英语如下:
News Title: “Over 9 Major Vulnerabilities Found in Qualcomm GPU Driver, Google Urges Patch Disclosure”
Keywords: Qualcomm Vulnerabilities, Google Security, Patch Distribution
News Content: At the DEF CON 32 security conference, Google’s security team disclosed multiple critical vulnerabilities in the Qualcomm Adreno GPU driver, which could allow attackers to fully control affected devices. Xuan Xing, the Android security lead for Google’s Red Team, stated that due to the existence of these vulnerabilities, their scope of work is limited even within the vast Android ecosystem, necessitating a focus on areas that can have the most significant impact. The Adreno GPU driver operates with deep permissions within the system kernel, and Android applications can directly communicate with the Qualcomm Adreno GPU driver without sandboxing or additional permission checks, enabling attackers to exploit these vulnerabilities to take over devices. A Qualcomm spokesperson confirmed that Qualcomm has provided OEM manufacturers with the relevant vulnerability patch in May 2024, and encourages end users to obtain and apply these patches from device manufacturers. This incident serves as a reminder of the importance of cybersecurity awareness and the necessity of promptly updating the system and software to prevent potential security threats.
【来源】https://www.ithome.com/0/787/866.htm
Views: 2