Qualcomm Secure Execution Environment high-risk vulnerability still affects about 60% of devices in use worldwide - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62201675763
Type myhack58
Reporter Anonymous
Modified 2016-06-11T00:00:00



A critical elevation-of-privilege (EoP) vulnerability in the Qualcomm Secure Execution Environment (QSEE) still affects roughly 60% of Android devices worldwide, even though it was patched some time ago. The root cause is a privilege-escalation flaw in the Widevine QSEE TrustZone application, CVE-2015-6639, which Google fixed in its January 2016 Android security update, a release that patched 12 Android vulnerabilities in total. The flaw lets an attacker who already controls a privileged application with access to QSEECOM execute arbitrary code inside the TrustZone environment. In outline: QSEECOM is a Linux kernel device that lets processes running under the normal operating system, the "normal world" (for example the ordinary user-space process mediaserver), communicate with trusted applications, also called trustlets, that run under the secure OS and manage protected services and hardware, the "secure world". Malware running in the "normal world" can therefore call a trustlet and exploit a vulnerability in it to compromise the device.

The TrustZone kernel runs in the "secure world" and QSEECOM runs in the "normal world", but both are kernel-mode components. In the concrete case, an intrusive or destructive program running under mediaserver can compromise the confidentiality and integrity of data on the infected device. Malicious code (see http://www.aqniu.com/infosec-wiki/827.html) can exploit the vulnerability in an application running in the "secure world" (the Widevine DRM software) and, by modifying the "normal world" Linux kernel, gain full control of the affected device. Gal Beniamini explained in a recently published blog post that QSEE is highly privileged: it can interact directly with the TrustZone kernel and access the hardware-protected TrustZone file system. It can also access system memory directly, so an attacker can hijack the Linux kernel without having to find and exploit a kernel vulnerability at all. The attacker still needs a vulnerability in mediaserver, but those are clearly not hard to come by: since the Stagefright vulnerabilities surfaced in mid-2015, Google has been releasing mediaserver patches almost every week, and the May 2016 update for Nexus devices also contains a patch of this kind. Gal Beniamini found this problem last year, and Duo Security says it affected 75% of Android devices running Qualcomm processors.
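The command path described above is easier to reason about with a small model. The following C program is an added example written for this page; it is not Qualcomm's, Widevine's or Gal Beniamini's code and does not reproduce the actual CVE-2015-6639 bug. It simulates a trustlet command handler behind a QSEECOM-style shared buffer with a hypothetical memory layout (shared region below 4096, a dummy trustlet key at offset 6000, request header at offset 0, payload at 256). The weak handler illustrates the general class of flaw, a trustlet that writes to an address supplied by the untrusted "normal world" after checking only that the address is mapped; the hardened handler confines every caller-supplied range to the shared buffer with overflow-safe arithmetic.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated secure-world address space (hypothetical layout):
 *   [0, SHARED_END)        ION buffer a normal-world QSEECOM client may fill
 *   [SHARED_END, MEM_SIZE) trustlet-private memory, including a dummy key */
#define MEM_SIZE   8192
#define SHARED_END 4096
#define KEY_OFF    6000
#define KEY_LEN    32
#define REQ_OFF    0      /* client places the request header at offset 0 */
#define DATA_OFF   256    /* and its payload here */

static uint8_t secure_mem[MEM_SIZE];

/* Request header as the normal-world client writes it into shared memory. */
struct cmd_req {
    uint32_t cmd_id;
    uint32_t in_off;   /* input blob, offset into the shared buffer */
    uint32_t in_len;
    uint32_t out_off;  /* where the trustlet should write its reply */
};

enum { CMD_ECHO = 1 };
enum { RC_OK = 0, RC_BAD_CMD = -1, RC_BAD_RANGE = -2 };

void reset_secure_world(void) {
    memset(secure_mem, 0, sizeof secure_mem);
    memset(secure_mem + KEY_OFF, 0x4b, KEY_LEN);  /* dummy trustlet secret */
}

bool key_intact(void) {
    for (size_t i = 0; i < KEY_LEN; i++)
        if (secure_mem[KEY_OFF + i] != 0x4b) return false;
    return true;
}

/* [off, off+len) lies inside the shared region; written so off+len cannot wrap. */
bool range_in_shared(uint32_t off, uint32_t len) {
    return off < SHARED_END && len <= SHARED_END - off;
}

/* Weaker test: the range is merely backed by some secure-world memory. */
bool range_mapped(uint32_t off, uint32_t len) {
    return off < MEM_SIZE && len <= MEM_SIZE - off;
}

/* Normal-world side: what a QSEECOM client does before it issues the
 * send-command ioctl. Nothing written here may be trusted by the secure world. */
void client_build_request(uint32_t cmd_id, uint32_t in_off, uint32_t in_len,
                          uint32_t out_off, const uint8_t *payload) {
    struct cmd_req req = { cmd_id, in_off, in_len, out_off };
    memcpy(secure_mem + REQ_OFF, &req, sizeof req);
    if (range_in_shared(in_off, in_len))
        memcpy(secure_mem + in_off, payload, in_len);
}

/* WEAK handler: validates the input range, but only checks that the reply
 * address is mapped, not that it lies in the shared buffer, so a normal-world
 * caller can make the trustlet overwrite its own private memory. Both handlers
 * copy the header out of shared memory once, so the client cannot change it
 * between check and use. */
int handle_cmd_weak(void) {
    struct cmd_req req;
    memcpy(&req, secure_mem + REQ_OFF, sizeof req);
    if (req.cmd_id != CMD_ECHO) return RC_BAD_CMD;
    if (!range_in_shared(req.in_off, req.in_len)) return RC_BAD_RANGE;
    if (!range_mapped(req.out_off, req.in_len)) return RC_BAD_RANGE;
    memmove(secure_mem + req.out_off, secure_mem + req.in_off, req.in_len);
    return RC_OK;
}

/* HARDENED handler: every caller-supplied offset/length pair must lie inside
 * the shared region before it is dereferenced. */
int handle_cmd_hardened(void) {
    struct cmd_req req;
    memcpy(&req, secure_mem + REQ_OFF, sizeof req);
    if (req.cmd_id != CMD_ECHO) return RC_BAD_CMD;
    if (!range_in_shared(req.in_off, req.in_len)) return RC_BAD_RANGE;
    if (!range_in_shared(req.out_off, req.in_len)) return RC_BAD_RANGE;
    memmove(secure_mem + req.out_off, secure_mem + req.in_off, req.in_len);
    return RC_OK;
}

/* Malicious client: echo 32 bytes of 0xaa onto the trustlet's key.
 * Returns 1 if the handler accepted the request and the key was clobbered. */
int attack(int (*handler)(void)) {
    uint8_t junk[KEY_LEN];
    memset(junk, 0xaa, sizeof junk);
    reset_secure_world();
    client_build_request(CMD_ECHO, DATA_OFF, KEY_LEN, KEY_OFF, junk);
    return handler() == RC_OK && !key_intact();
}

/* Benign client: echo into the shared buffer. Returns 1 if the reply arrived. */
int legit(int (*handler)(void)) {
    const uint8_t msg[8] = "qseecom";
    reset_secure_world();
    client_build_request(CMD_ECHO, DATA_OFF, sizeof msg, 1024, msg);
    return handler() == RC_OK && key_intact() &&
           memcmp(secure_mem + 1024, msg, sizeof msg) == 0;
}

int main(void) {
    printf("weak handler:     attack %s, legit %s\n",
           attack(handle_cmd_weak) ? "succeeds" : "fails",
           legit(handle_cmd_weak) ? "ok" : "broken");
    printf("hardened handler: attack %s, legit %s\n",
           attack(handle_cmd_hardened) ? "succeeds" : "fails",
           legit(handle_cmd_hardened) ? "ok" : "broken");
    return 0;
}
```

Build with `cc -std=c99 -Wall qsee_model.c -o qsee_model` and run it; the weak handler serves the benign client correctly yet lets the attack land, which is exactly why a functional trustlet can still be a privilege-escalation path. Real QSEECOM requests carry physical addresses rather than offsets, which makes the "is this inside the buffer the client actually registered" check harder, not easier, to get right.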
Duo also noted that 80% of Android devices use a Qualcomm processor, but only 25% of users have installed the patch, which leaves about 60% of devices still vulnerable. Although the affected devices received the January 2016 security update, a large number remain unpatched. A patch on its own only fixes the bug: the manufacturer must then adapt it to its own devices and push it to the carriers, and the carriers in turn have to approve and deploy it. This process is very slow, and older devices are often dropped from the upgrade cycle altogether, which means millions of users never receive the update. Duo Security researchers said that in their analysis of a 50-million-device enterprise data set, about 27% of Android devices were still vulnerable. To solve the problem, manufacturers and carriers must build and push patches for the affected Android versions on their devices. In May this year, FireEye researchers published details of a serious information-disclosure vulnerability affecting hundreds of Android models that use Qualcomm chipsets. Specifically, the problem lies in Qualcomm's tethering controller, CVE-2016-2060, and a malicious application can use it to access user data. In March, researchers had also found that some rooting applications were abusing a local privilege-escalation vulnerability in the kernel, after which Google released an emergency security patch for Android devices.