Vasina hanya uye vasina hanya iOS vashandisi vanotarisana nenjodzi dzekuwedzera. Kwangopera vhiki mushure mekuwanikwa WireLurker malware kambani yekuchengetedza FireEye yakazivisa kuti yakawana rimwe gomba rekuchengetedza muPhones uye iPads rinogona kurwiswa uchishandisa nzira inonzi "Masque Attack". Inogona kutevedzera kana kutsiva maapplication aripo kuburikidza nekunyepera yechitatu-bato maapplication uye wozowana mushandisi data.
Avo vanodhawunirodha maapplication kumidziyo yeIOS chete kuburikidza neApp Store havafanirwe kutya iyo Masque Attack, nekuti iyo malware nyowani inoshanda nenzira yekuti mushandisi anodhawunirodha application kunze kwechitoro chepamutemo software, kune email yekunyepedzera kana meseji ( semuenzaniso, ine download link nyowani vhezheni yemutambo wakakurumbira Flappy Shiri, ona vhidhiyo pazasi).
Kana mushandisi angodzvanya pane chinongedzo chekubiridzira, vanoendeswa kune peji rewebhu vachivakumbira kuti vatore app inoita seFlappy Shiri, asi iri fake vhezheni yeGmail inodzosera iyo yekutanga app yakatorwa zviri pamutemo kubva kuApp Store. Iyo application inoramba ichiita nenzira imwechete, inongoisa Trojan bhiza mukati mayo, iyo inowana ese ega data kubva kwairi. Kurwiswa kunogona kunge kusingangoiti nezve Gmail chete, asiwo, semuenzaniso, mabhengi ekushandisa. Uye zvakare, iyi malware inogona zvakare kuwana iyo yepakutanga data yenzvimbo yezvikumbiro inogona kunge yakatodzimwa, uye kuwana, semuenzaniso, kanenge kakachengetedzwa zvitupa zvekupinda.
[youtube id=”76ogdpbBlsU” wide=”620″ height=”360″]
Shanduro dzemanyepo dzinogona kutsiva iyo yekutanga app nekuda kwekuti ivo vane imwechete yakasarudzika nhamba yekuzivikanwa iyo Apple inopa kune maapplication, uye zvakanyanya kuomera vashandisi kusiyanisa imwe kubva kune imwe. Iyo yakavanzika fake vhezheni yobva yarekodha e-mail mameseji, maSMS, nharembozha uye imwe data, nekuti iOS haipindire kune maapplication ane yakafanana chitupa data.
Masque Attack haigone kutsiva default iOS maapplication seSafari kana Email, asi inogona kurwisa zviri nyore akawanda maapplication akatorwa kubva kuApp Store uye inogona kutyisidzira hombe kupfuura iyo WireLurker yakawanikwa svondo rapfuura. Apple yakaita nekukurumidza kuWireLurker uye yakavharira zvitupa zvekambani kuburikidza iyo maapplication akaiswa, asi Masque Attack inoshandisa yakasarudzika manhamba ekuzivisa kupinza maapplication aripo.
Kambani yekuchengetedza FireEye yakaona kuti Masque Attack inoshanda paIOS 7.1.1, 7.1.2, 8.0, 8.1 uye 8.1.1 beta, uye Apple inonzi yakashuma dambudziko mukupera kwaChikunguru gore rino. Nekudaro, ivo vashandisi pachavo vanogona kuzvidzivirira panjodzi inogona nyore nyore - kungosaisa chero zvikumbiro kunze kweApp Store uye usavhure chero zvinonyumwira zvinongedzo mumae-mail uye mameseji. Apple haisati yataura nezve chikanganiso chekuchengetedza.
Apple iri kuita gore rakashata. Mafoni anochinjika, kusakwanisa kufona kubva parunhare, maburi ekuchengetedza senguruve, semi-inoshanda wifi muYosemite (ndiro ruvara rwese rwekuvaka). Ndeapi mazuva apo Apple yakaita zvinhu nemazvo? Ndinoziva, kwaiva kusati kwafa S. Jobs...
Nekudaro, ivo vashandisi pachavo vanogona kuzvidzivirira panjodzi inogona nyore nyore - kungosaisa chero zvikumbiro kunze kweApp Store uye usavhure chero zvinonyumwira zvinongedzo mumae-mail uye mameseji.
Asi izvi hazvina kushanda, nekuti kana zvikashanda, malware uye mavhairasi hazvipo nhasi :)
Izvo hazvina kushanda kune "vanhu vasingateereri", iyo Czech Republic izere nazvo, uye ndosaka mitemo uye kunyanya mitemo yemigwagwa inongova jee kwavari, uye kusateerera kurudziro iyi nezve software isiriyo iri zvakare nzira yekuenda. kuparadza. Saka zvaizoshanda kana zvisiri zvehuori mafungiro;)
Handingasanganisi mitemo yemumigwagwa, zvinosuwisa kuti haina kunyorerwa kuti migwagwa yedu ive isina njodzi, asi kutsigira mapurisa ekanzuru nekutsigira mari kana ichienda kuhomwe yekanzuru :(((((
Asi handiyo nhaurirano apa :)
Ini ndinonyanya kufarira mafungiro evanhu, kunyanya vanobva kuCzech Republic. Kana pachinzvimbo che 1 pakiti yefodya vakatenga 90 maapps emasendi makumi mapfumbamwe ega ega uye vasina kuadhawunirodha kubva kune zvisiri pamutemo zvinyorwa uye vasina kuputsa jeri maPhones avo, vaisazofanira kuchema nezvekurasikirwa nemidziyo yavo inodhura :)
Zvechokwadi, iyi tambo yose yakasikwa mukupindura kuhuporofita husina maturo: "kubva pakufa kwaMabasa, zvinhu zvose zviri kufamba zvakanaka, uye gore rino kunyanya"
Ini handina kufarira kuenzanisa. Mumakore maviri apfuura, ndatenda kushamwari dzangu, ndakabatikana mumusoro uyu uye handifarire zviri kuitika ipapo uye dzimwe nguva zvinosemesa :(
Ndinobvuma kuti mhinduro yangu yakatumirwa paforamu inogona kunge yakatsamwa, asi ini ndini, ndinosvika pakananga pasina kana frills uye ini handifarire kufara, ndinongonyora maonero angu. Nehurombo, dzimwe nguva kunyangwe pamutengo wandinofunga kuti ndakanyora maonero angu zvinonzwisisika, asi vanhu havazive zvandiri kureva :(
Ndakanzwisisa kuenzanisa kune mafungiro kare, asi ndinofunga kuti iyi fananidzo itsva (pamusoro pebhokisi, asi kwete 4x zvikumbiro) inonyanya kunyatsojeka.
Wedzera Mabasa: Ndinofunga Apple parizvino iri kutsvaga. Kunyange zvazvo vasina mutungamiri akaita saS.Jobs, havana kunyanya kuipa. Vane vanhu vakawanda vane ruzivo uye vakangwara vachakwanisa kuuya nezvinhu zvinonakidza, asi zvinotora nguva. Ini pachangu, ndinofunga kuti zvichave zvichigoneka kuenzanisa Apple nhasi uye Apple neS.Jobs kusvika kumakore gumi mushure mekubva kwake, kusvika panguva iyoyo kungoridza mhere, asi ndiwo maonero angu chete ...
Kubvumirana zvachose;)
Vaive nemakomba edziviriro kare uye zvakanyanya kukosha kupfuura izvi ... Semuyenzaniso, vakawedzera iyo ASLR layer muOSX 10.5, asi yainyatsoshanda mu10.7 chete (kana ndisiri kukanganisa mushanduro), tsvaga chirevo che. nyanzvi yekuchengetedza Dino Dai Zovi. Kana ari mabhugi achangoburwa, tsvaga ruzivo nezve Heartbleed, Shell Shock…
Chengetedzo tsikidzi, dzaive, dziripo uye dzichave, zvisinei kana ukashandisa Linux, Windows, OSX, Chrome... Ingori nyaya yenguva OSX kana Linux isati yawedzera kupararira uye masisitimu aya anowedzera kukwezva kune vanogadzira malware, iwe unongoda. haigone kuzvinzvenga uye kana iwe ukati sisitimu "isina zvikanganiso" (sezvandakambotaura nezve Linux), saka uri kungonyepa muhomwe yako ...
Nenzira, kana iwe uchida kutya, tsvaga ruzivo nezve yegore rino Black Hat kuchengetedza musangano uye tarisa hurukuro pa USB firmware kusasimba, icho chinhu bhomba futi :)
anonymous : Ndiyo bhuru zvakare, inondiyeuchidza nezveSobotka. Ndinokurudzira kushandura kune imwe chikuva uye kubvisa iOS uye Mac OS kana S.Jobs yaenda. Ipapo uchagutsikana.
Uye pane yakanyanya kuputsika mudziyo, vanoisa maapplication kubva kumwe kusiri kweAppStore?
Ndingafarirawo izvozvo. Nekuti handisati ndamboona mune yangu iOS mukana wekuisa imwe application kunze kweAppStore. Kana "Isa" yakabuda muvhidhiyo iyoyo, handina kumboiona.
Ehe, iwe unongoda kuve nechikumbiro chakasainwa nechitupa cheBhizinesi, uye chinogona kuiswa nenzira iyi.
Hazvishande pasina jailbreak. Kana tumira chinongedzo uye ini ndichaedza kuisa iyo application pane yangu iPhone pasina jailbreak nenzira iyi.
Lukas Palda ari kutaura chokwadi. Zvinogoneka, asi kune mashoma ekushandisa tekinoroji kana iwo asingafadze zvekuti hauzive nezvawo, asi zvinogoneka :)
Saka ingo tora Storu uye dambudziko rapera
Mhoroi mose ... maererano neni uye chinyorwa, zvakakwana kutevera mitemo inokosha, sepaunenge uchishandisa mamwe madivayiri akabatanidzwa kune mambure (zvisinei nokuti iOS, Android, WIN, nezvimwewo) = usadzvanya zvakabatanidzwa kubva kune vasingazivikanwi vanotumira, usatambe tricks uye kutamba ane ruzivo "hacker", usatora mafaira anofungidzirwa ... Ndakaverenga nyaya yakafanana pa "guhwa" novinky.cz uye kana mumwe munhu achida kukuvadza chero kambani, ivo tsvaga nzira...
Kune avo vanofunga kuti zvakakwana kusava neJailbreak uye kuisa chete kubva kuAppStore:
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
Kubva pandima: "vashandisi veiOS vanogona kuzvidzivirira kubva kuMasque Attacks nekutevera matanho matatu: ...".
Pfupiso: mushure mekudzvanya pane chinongedzo mune e-mail kana sms, dialog box ine sarudzo "Isa" (kana Trust Developer) inogonawo kuoneka kwauri. Ndiko chaikoiko kwedambudziko iri.
Iwe unogona kufunga kuti hausi kudzvanya pane zvinongedzo, asi shamwari dzako, mhuri, nezvimwe. havafanirwe kuve neruzivo rweIT sewe, uye saka zvinokurudzirwa kuvaraira kuti vasadzvanya pa "Isa" uye zvichingodaro.
___
Ndakatora kubva mudzi.cz