Chinese hackers break Apple's Safari
Keen Team's Liang Chen (right) demonstrating an Adobe Flash exploit
Everybody's Web software got "pwned" at the Pwn2Own hackers conference this week: Apple's (AAPL) Safari, Google's (GOOG) Chrome, Microsoft's (MSFT) Internet Explorer, Mozilla's Firefox and Adobe's (ADBE) Reader and Flash.

Chrome was hacked by a French team from Vupen Security with a use-after-free vulnerability that affects both the WebKit and Blink rendering engines.

Safari was defeated by Liang Chen, one of a pair of Chinese Keen Team hackers, using a heap-overflow-and-sandbox-bypass combination that took three months to perfect.

"For Apple, the OS is regarded as very safe and has a very good security architecture," Chen told ThreatPost's Michael Mimoso. "Even if you have a vulnerability, it's very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

In a separate interview with CNET, Chen said that OS X is harder to attack than iOS 7.0 because Apple issues security updates for its desktop operating system more frequently than for its mobile OS.

The two-day event, sponsored by Hewlett-Packard (HPQ) and organized by the HP-owned Zero-Day Initiative, paid out $850,000 in prize money to eight teams of competitors, plus another $82,500 in charitable donations. The event was staffed by observers from Apple and the other companies, which will presumably now start patching those holes.

"I think the Webkit fix will be relatively easy," Chen told Mimoso. "The system-level vulnerability is related to how they designed the application; it may be more difficult for them."

(Fortune China) Translators: Zhu Yufen / Wang Hao