据报道,Mac安全漏洞让攻击者可以绕过应用程序保护措施
Mac security hole reportedly lets attackers bypass app safeguards
122字
2020-01-10 14:58
63阅读
火星译客

Apple may have another Gatekeeper security flaw on its hands. Researcher Filippo Cavallarin has detailed a macOS vulnerability that he said would let attackers install malware without the usual permission request. As Gatekeeper considers network shares to be 'safe' locations that don't require permission checks, an intruder just has to trick the user into mounting one of those shares to run the apps they like. A maliciously crafted ZIP file with the right symbolic link could automatically steer you to an attacker-owned site, for example, and it would be easy to trick someone into launching a hostile app -- say, a virus masquerading as a document folder.

苹果手上可能还有另一个Gatekeeper安全漏洞 。研究员Filippo Cavallarin 详细介绍了一个macOS漏洞,他说这个漏洞可以让攻击者在没有通常的权限请求的情况下安装恶意软件。由于Gatekeeper认为网络共享是不需要权限检查的“安全”位置,因此入侵者只需欺骗用户安装其中一个共享来运行他们喜欢的应用程序。例如,具有正确符号链接的恶意制作的ZIP文件可以自动引导您访问攻击者拥有的网站,并且很容易诱骗某人发布恶意应用程序 - 例如伪装成文档文件夹的病毒。

0 条评论
评论不能为空