Google's Threat Analysis Group (TAG) has published a blog post detailing a number of exploits in iOS that allowed hacked websites to hack into an iPhone simply if the iPhone visited the site.
谷歌威胁分析小组(TAG)在博客上详细介绍了一些iOS上的漏洞,iPhone只要访问被黑客入侵的网站,这些网站就能轻易黑进iPhone。
Once an iPhone did that, malware was installed on the device that allowed the hackers to monitor the iPhone's live location every 60 seconds as well as upload virtually any files from the iPhone—including iMessage and WhatsApp messages.
iPhone一旦访问这些网站,就会被安装恶意软件,黑客每隔60秒就能监控iPhone的实时位置,还可以从iPhone上上传任何文件,包括iMessage和WhatsApp的信息。
TAG says the exploit "may be one of the largest attacks against iPhone users ever." It reportedly affected iPhones running iOS 10 to iOS 12:
威胁分析小组称这个漏洞“可能是目前针对iPhone用户最大的一个威胁”,据称它会影响iPhone iOS 10到iOS 12的每个版本。
Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone's web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery.
我们和威胁分析小组合作发现五个攻击链中共有14个漏洞:其中7个针对iPhone的网络浏览器、5个针对内核,还有2个独立的沙箱逃逸。初步分析表明特权升级链中至少有一个仍然是零日漏洞(指被发现后立即被恶意利用的安全漏洞),而且发现以后没有进行修复。
There is some good news, however. First, an iPhone user had to visit one of the hacked websites in order for their iPhone to be infected. TAG did not specify which websites were hacked, but their report says the sites received "thousands of visitors per week," suggesting the sites received relatively minor traffic relative to the number of iPhones in the wild.
但也有好消息。首先iPhone用户需要访问一个被黑的网站才会被攻击,威胁分析小组并未具体说明哪些网站被黑了,但报告中称这些网站“每周有数千访问者”,相比iPhone的使用量来说这些网站的访问量只是很小一部分。
Further, even if the malware made it onto an iPhone, when a user restarted their iPhone, the malware would be wiped clean in most instances. Of course, news of any exploits in iOS isn't good—no matter how few users were impacted.
而且即使iPhone被安装了恶意软件,在大多数情况下用户重启手机后恶意软件都会被清理干净。当然任何关于iOS漏洞的消息都不是好消息,即使受影响人数很少。
The good news is that Apple acted quickly once TAG alerted them to the exploits. TAG says it contacted Apple about the exploits on February 1, 2019, and Apple fixed all of the exploits just six days later with the release of iOS 12.1.4 on February 7, 2019.
好消息是威胁分析小组一提醒苹果公司漏洞的问题,他们就立刻采取了行动,威胁分析小组称在2019年2月1日就漏洞问题联系了苹果公司,该公司仅用6天就修复了所有漏洞,在2019年2月7日发布了iOS 12.1.4。
中考英语阅读复习全攻略 郝月菲老师
初三英语首次月考 07北京四中
09中考英语作文用好提示词
08三帆中学初三英语四月月考试题完形填空
中考英语备考六大难题分析与解决 成绩忽高忽低等
08初三英语月考练习 北大附中
09四中签约 内部英语试题完形填空分析
初中生怎样学好英语小秘诀
中考英语 多听多练多做
09签约四中必读:英语阅读部分答案与讲解
初中英语语法—四大基本时态讲解与习题
中考英语 定语从句专项训练
中考英语对动词的考查主要集中在哪些方面?
初中英语定语从句用法及配套练习
初中英语 常见习惯用语经典例题50道讲解
中考英语语法总结---形容词副词代词介词连词和数词
中考英语通关 名师教你如何复习
初中英语时态专项练习100题和答案
怎样提高初中生英语阅读的速度的方法
初中英语语法轻松记忆口诀10段集锦
初中英语语法总结---名词
中考英语交际口语易错题10例详解
中考英语阅读解题策略
09中考英语预测题汇总与中考英语精华解题思路
中考英语新词汇 备考五级新词
08中考英语作文题目及范文 各省市集锦
中考英语中Like 用法归纳
初中英语句子 必须掌握的主要句式讲解及例子分析
初中英语 定语从句常见错误例析
中考英语写作精彩点评与修改
不限 |
英语教案 |
英语课件 |
英语试题 |
不限 |
不限 |
上册 |
下册 |
不限 |