{"id":1195342,"date":"2024-06-11T22:32:48","date_gmt":"2024-06-12T00:32:48","guid":{"rendered":"https:\/\/teknomers.com\/fr\/arm-met-en-garde-contre-une-vulnerabilite-zero-day-activement-exploitee-dans-les-pilotes-gpu-du-mali\/"},"modified":"2024-06-11T22:32:53","modified_gmt":"2024-06-12T00:32:53","slug":"arm-met-en-garde-contre-une-vulnerabilite-zero-day-activement-exploitee-dans-les-pilotes-gpu-du-mali","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/arm-met-en-garde-contre-une-vulnerabilite-zero-day-activement-exploitee-dans-les-pilotes-gpu-du-mali\/","title":{"rendered":"Arm met en garde contre une vuln\u00e9rabilit\u00e9 Zero Day activement exploit\u00e9e dans les pilotes GPU du Mali"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">11 juin 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 mobile\/Technologie<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/06\/Arm-met-en-garde-contre-une-vulnerabilite-Zero-Day-activement.png\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Arm met en garde contre une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 affectant le pilote du noyau GPU Mali qui, selon lui, a \u00e9t\u00e9 activement exploit\u00e9e dans la nature.<\/p>\n<p>Suivi comme <strong>CVE-2024-4610<\/strong>le <a rel=\"nofollow noopener\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/416.html\" target=\"_blank\">probl\u00e8me d&#8217;utilisation apr\u00e8s lib\u00e9ration<\/a> impacte les produits suivants &#8211;<\/p>\n<p>&#8220;Un utilisateur local non privil\u00e9gi\u00e9 peut effectuer des op\u00e9rations inappropri\u00e9es de traitement de la m\u00e9moire GPU pour acc\u00e9der \u00e0 la m\u00e9moire d\u00e9j\u00e0 lib\u00e9r\u00e9e&#8221;, explique la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/developer.arm.com\/Arm%20Security%20Center\/Mali%20GPU%20Driver%20Vulnerabilities\" target=\"_blank\">dit<\/a> dans un avis la semaine derni\u00e8re.<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thehackernews.uk\/ad-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/06\/Sticky-Werewolf-etend-ses-cibles-de-cyberattaques-en-Russie-et.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Bifrost et Valhall GPU Kernel Driver r41p0.  Il convient de noter que cette version a \u00e9t\u00e9 publi\u00e9e le 24 novembre 2022. La version actuelle des pilotes est la r49p0, qui a \u00e9t\u00e9 exp\u00e9di\u00e9e en avril 2024.<\/p>\n<p>Hacker News a contact\u00e9 Arm pour clarifier s&#8217;il s&#8217;agissait d&#8217;une ancienne faille de s\u00e9curit\u00e9 \u00e0 laquelle un nouvel identifiant CVE est d\u00e9sormais attribu\u00e9 ou si elle a \u00e9t\u00e9 r\u00e9cemment d\u00e9couverte, et mettra \u00e0 jour l&#8217;histoire si nous recevons une r\u00e9ponse.<\/p>\n<p>La soci\u00e9t\u00e9 britannique de semi-conducteurs a en outre reconnu les informations selon lesquelles la faille serait exploit\u00e9e dans des attaques r\u00e9elles, mais n&#8217;a divulgu\u00e9 aucun d\u00e9tail suppl\u00e9mentaire pour emp\u00eacher de nouveaux abus.<\/p>\n<p>Cela dit, des failles zero-day pr\u00e9c\u00e9demment r\u00e9v\u00e9l\u00e9es dans le GPU Arm Mali \u2013 CVE-2022-22706, CVE-2022-38181 et CVE-2023-4211 \u2013 ont \u00e9t\u00e9 utilis\u00e9es par des fournisseurs de logiciels espions commerciaux pour des attaques tr\u00e8s cibl\u00e9es visant les appareils Android, avec le exploitation de cette derni\u00e8re li\u00e9e \u00e0 une soci\u00e9t\u00e9 italienne nomm\u00e9e Cy4Gate.<\/p>\n<p>Il est recommand\u00e9 aux utilisateurs des produits concern\u00e9s de mettre \u00e0 jour vers la version appropri\u00e9e pour se prot\u00e9ger contre les menaces potentielles.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/06\/arm-warns-of-actively-exploited-zero.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80211 juin 2024\ue804R\u00e9dactionS\u00e9curit\u00e9 mobile\/Technologie Arm met en garde contre une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 affectant le pilote du noyau GPU Mali qui, selon lui, a \u00e9t\u00e9 activement exploit\u00e9e dans la nature. Suivi comme CVE-2024-4610le probl\u00e8me d&#8217;utilisation apr\u00e8s lib\u00e9ration impacte les produits suivants &#8211; &#8220;Un utilisateur local non privil\u00e9gi\u00e9 peut effectuer des op\u00e9rations inappropri\u00e9es de traitement de [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1195343,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,200292,23646,4168,841,4165,4161,200267,429,11648,36372,525,127095,4159,4171,65,200271,40992,4955,200268,200269,200270,2046,128318,4172,4169,196,4166,3667,4164],"class_list":["post-1195342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-actualites-sur-la-cybersecurite","tag-arm","tag-comment-pirater","tag-contre","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dans","tag-day","tag-exploitee","tag-garde","tag-gpu","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mali","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pilotes","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1195342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1195342"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1195342\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1195343"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1195342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1195342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1195342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}