Nangona obu buthathaka sele bukhona ixesha elide, ngokukodwa ubuncinci iminyaka elishumi, ngoku kufunyenwe ukuba ukusetyenziswa kwayo kunokukhokelela kumonakalo omkhulu. Abaphandi bokhuseleko baveze ukuxhaphaza okunokuchaphazela Iinkqubo ezisekelwe kwi-Unix, kuquka i-macOS Big Sur kunye neenguqulelo zangaphambili. Oku buthathaka kwe-sudo kwi-macOS kunokunika amalungelo engcambu kubasebenzisi basekhaya.
Inokuqinisekisa nge-macOS Big Sur kuzo zombini i-x86_64 kunye ne-arch64. pic.twitter.com/NQqQ8rskv7
-Ungaba uDormann (@wdormann) Februwari 2, 2021
NgoJanuwari, abaphandi bokhuseleko baveze ubuthathaka obutsha obunokuthi buchaphazele iinkqubo zokusebenza ezise-Unix. Ukuxhatshazwa sele kukho iminyaka eyi-10 ubuncinane, nangona kunjalo olu luxwebhu lokuqala olwaziwayo. Ichongiwe njenge-CVE-2021-3156, sudo esekwe buffer ukuphuphuma. I-exploit ibonakala ifana ne-bug yangaphambili ifakwe kwi-CVE-2019-18634. Abaphandi be Imigangatho Bachonge i-bug ku-Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) kunye ne-Fedora 33 (Sudo 1.9.2). Bathi inokuchaphazela ezinye iisistim kunye nonikezelo oluqhuba inguqulelo echaphazelekayo yeSudo. Zonke iinguqulelo zelifa ukusuka kwi-1.8.2 ukuya kwi-1.8.31p2 kunye nazo zonke iinguqulelo ezizinzile ukusuka kwi-1.9.0 ukuya kwi-1.9.5p1 zichaphazelekayo.
Ewe ngokunjalo. Singaphumla kancinci, kuba ngokutsho kwabaphandi, abasebenzisi baya kufuna ukufikelela kwikhompyuter ukwenza oko kuxhaphaza. Umphandi woKhuseleko uMatthew Hickey, umseki weHacker House uphawule kwi-ZDNet, iveze ngoLwesithathu ukuba I-bug ingasetyenziswa kwakhona kwi-Mac.
Ukuyivula kufuneka ubhale ngaphezulu i-argv[0] okanye wenze ikhonkco elingumfuziselo, elithi ke ngoko iveza inkqubo yokusebenza kubuthathaka obufanayo yeengcambu zasekhaya ezichaphazele abasebenzisi beLinux kwiveki ephelileyo.
https://twitter.com/hackerfantastic/status/1356645638151303169?s=20
I-Apple kufuneka iqalise uhlaziyo lokhuseleko ngepetshi nangaliphi na ixesha, kodwa abasebenzisi banokuthatha inyathelo kwakamsinyane ukuba sikubona kuyimfuneko. Ewe kunjalo, emva kwentlawulo kwi-Qualys, ebonelela ngenkqubo echaza indlela yokupakisha ukuba sesichengeni. Asikholelwa ukuba oku kuyimfuneko, kodwa akuyomfuneko.
