Wednesday , January 20 2021

WiFi firmware bugs affect PS4, Xbox One, Surface laptops and more



WiFi firmware bugs affect PS4, Xbox One, Surface laptops and more

My precious achievements!

A security researcher A weakness is found in threadex – a real-time operating system that is used as a firmware in your WiFi chipset on billiovascular devices from your Xbox One to your smartphone.

Mbeid's Dennis Sallyanin has published a detailed report that explains as bad as possible. This is not only the number of affected devices, but also the delicate nature of the attack.

For the purpose of its report, Selenin Marvel was working with the 8888888888888888 mainly because it is one of the most popular chipsets found in Xbox One and PlayStation 4, all the way to Samsung Chromebooks and Microsoft Surface laptops. However, for its purposes, they have been attributed to its lack of DRM's recently closed steam link.

Celia said, "I've identified issues of total memory corruption in some parts of Firmware." ZnetNet. "One of the undiscovered weaknesses, Threadx Block Pool was a special case of overflow. This vulnerability can trigger a user's interaction during scanning for available networks."

This version of the nightmare is believed to be thankful for the firmware that directs the chief to scan for new WiFi networks every five minutes. An attacker will only need to send malicious packets to the device to run malicious code and control the device.

"So this bug is so cool and provides an opportunity to literally exploit devices with zero-click interaction in any state of wireless connection (even if the device is not connected to a network)."

Selenin explains that he had found two ways to take advantage of this skull, and when one was unique to Marvel's chipset, he would work with another thread-based firmware. That's a big deal, because threads demand more than 6.2 billion jobs worldwide.

For people with technical knowledge, you can read the full detailed report here or see the exploitation run in the video below.

There is a civil-of-concept code for the obvious reasons why you can not find: Selenin 6.2 billion devices do not need to be dragged suddenly. Hopefully patches will come soon, although with this series of different devices running threads, the timeline is difficult to pinpoint. μ

Further Reading


Source link