Beware of the text message that crashes iPhones
Newly discovered iOS bug triggers wave of text messages that causes iDevice reboot.
By Dan Goodin, May 27, 2015 7:21pm CEST
There's yet another iOS bug that causes Apple devices to crash when they receive text messages containing a string of special characters. With further finessing, the same exploit may be able to attack Macs, since OS X is also unable to process the same combination of characters, which are technically known as glyphs.
The menacing combination of ASCII and Unicode-based characters looks like this:
According to people investigating the bug on reddit, the text causes iPhones running various versions of iOS to promptly crash. A flurry of Twitter users, angry that their devices fell victim to text messages, indicates that the bug is causing problems. Apple will almost certainly issue a fix. In the meantime, users can protect themselves against the nuisance text by going to system settings, navigating to Notifications > Messages > Show Previews, and turning it to off.
That change will prevent attacks that are currently circulating online, but it may not stop miscreants from finding new ways to crash people's iDevices. According to the reddit thread, messages sent over WhatsApp may also trigger the crash. And depending on the way individual apps parse Unicode glyphs, other programs may do the same thing. The bug can also trip up OS X, although the attack requires a target to concatenate or paste a malicious file into the Mac terminal, according to a researcher who goes by the Twitter handle Hacker Fantastic.
HackerFantastic has tweeted a variety of other interesting technical details. The bug, he reported, resides in a part of the operating system that processes Unicode glyphs and causes a string to be written to a particular memory location. The bug is tied to the way banner notifications process Unicode, reddit reader sickestdancer98 reported. The banner is unable to display the text and eventually crashes the entire OS.
While the bug is rightfully regarded primarily as a nuisance, denial-of-service vulnerabilities can often be the result of serious flaws that, with more work, can be exploited to perform code-execution attacks. And even when more malicious exploits aren't possible, DoS holes can sometimes present opportunities for extortionists or people looking to disrupt large events—for instance people at a conference. Expect Apple to release a patch in the coming week or so.
(This article is excerpted from Ars Technica, May 27, 2015.)