Google's Threat Analysis Group (TAG) has published a blog post detailing a number of exploits in iOS that allowed hacked websites to compromise an iPhone simply because the iPhone visited the site. Once an iPhone did that, malware was installed on the device that allowed the hackers to monitor the iPhone's live location every 60 seconds as well as upload virtually any files from the iPhone, including iMessage and WhatsApp messages. TAG says the exploit may be one of the largest attacks against iPhone users ever. It reportedly affected iPhones running iOS 10 to iOS 12:
Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone's web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery.
There is some good news, however. First, an iPhone user had to visit one of the hacked websites in order for their iPhone to be infected. TAG did not specify which websites were hacked, but their report says the sites received thousands of visitors per week, suggesting relatively minor traffic compared with the number of iPhones in the wild. Further, even if the malware made it onto an iPhone, when a user restarted their iPhone, the malware would be wiped clean in most instances. Of course, news of any exploits in iOS isn't good, no matter how few users were impacted.
The good news is that Apple acted quickly once TAG alerted them to the exploits. TAG says it contacted Apple about the exploits on February 1, 2019, and Apple fixed all of the exploits just six days later with the release of iOS 12.1.4 on February 7, 2019.