Micro letter reportedly arbitrary code execution vulnerability self-test programme-micro, holes, 360-IT information

IT information news on August 24, @360 phone guardian tweeting yesterday said the 360 Mobile Guardian exclusive Alpha team found that remote arbitrary code execution vulnerabilities: badkernel.

360 said, through this vulnerability an attacker could gain complete control over the app, micro-privacy-threatening, chats, and even micro-purse, hundreds of millions of micro-credit affected! At present, the alpha team has reported this vulnerability to Tencent's emergency response center and provides repair recommendations. Micro-letter from the illustrations that seem to do these vulnerabilities have been identified and repaired.

According to o, method team revealed, badkernel vulnerability is located in micro-letter using of X5 kernel in the, X5 kernel is after Tencent custom had of chrome browser kernel, so using has X5 kernel of application are may are by this vulnerability of effect, from X5 of officer online (http://X5.Tencent.com) found, micro-letter, and phone QQ, and QQ, and Beijing East, and 58 with city, and Sohu video, and news information, application are using has X5 kernel.

Alpha team has put together emergency response center and the vulnerability to Tencent provides repair recommendations, Tencent has internal fixes this vulnerability and start to push updates to users. Users can chat on any dialog box, enter "//gettbs" can determine whether to have received the update for this vulnerability. If tbsCoreVersion is greater than 036555 the vulnerability has been fixed, users don't need to worry about, otherwise the app that vulnerability.

微信被曝任意代码执行漏洞，附自检方案 - 微信,漏洞,360 - IT资讯

IT资讯讯 8月24日消息，昨天@360手机卫士发微博称，360手机卫士阿尔法团队独家发现微信远程任意代码执行漏洞：badkernel。

360称，通过此漏洞攻击者可获取微信的完全控制权，危及微信隐私、聊天记录甚至微信钱包，上亿微信用户受影响！目前，阿尔法团队已将此漏洞报告给腾讯应急响应中心并提供修复建议。从配图可得知似乎微信方便确实已经确认了这些漏洞，并在修复中。

据阿尔法团队透露，badkernel漏洞位于微信使用的x5内核中，x5内核是经过腾讯定制过的chrome浏览器内核，所以使用了x5内核的应用都可能都受到此漏洞的影响，从x5的官网上(http://x5.tencent.com)发现，微信、手机QQ、QQ空间、京东、58同城、搜狐视频、新闻资讯等应用都使用了x5内核。

阿尔法团队已经将此漏洞提交给腾讯应急响应中心并提供了修复建议，腾讯已经内部修复此漏洞并开始向用户推送更新。用户可通过在任意聊天对话框中输入“//gettbs”可判定是否已经收到此漏洞的更新。如果tbsCoreVersion大于036555则说明该漏洞已经修复，用户无需担心，否则则说明微信受该漏洞影响。