英語閱讀 學(xué)英語,練聽力,上聽力課堂! 注冊 登錄
> 輕松閱讀 > 雙語閱讀 >  內(nèi)容

中國黑客攻破蘋果Safari瀏覽器

所屬教程:雙語閱讀

瀏覽:

手機(jī)版
掃描二維碼方便學(xué)習(xí)和分享

來自中國安全研究團(tuán)隊(duì)Keen Team在上周的黑客大賽中攻克了公認(rèn)最安全的蘋果瀏覽器Safari,贏得了4萬美元的獎(jiǎng)金。團(tuán)隊(duì)成員表示,其中部分獎(jiǎng)金將捐獻(xiàn)出來,救助馬航失聯(lián)客機(jī)MH370乘客的家屬。

Everybody's Web software got "pwned" at the Pwn2Own hackers conference this week: Apple's (AAPL) Safari, Google's (GOOG) Chrome, Microsoft's (MSFT) Internet Explorer, Mozilla's Firefox and Adobe's (ADBE) Reader and Flash。

上周舉行的Pwn2Own黑客大賽中,所有網(wǎng)絡(luò)軟件包括蘋果(Apple)Safari瀏覽器、谷歌(Google)Chrome瀏覽器、微軟 (Microsoft)的IE瀏覽器、Mozilla公司的火狐瀏覽器(Firefox),以及Adobe公司的PDF閱讀器(Adobe Reader)及瀏覽器插件Adobe Flash都被黑客徹底攻破。

Chrome was hacked by a French team from Vupen Security with a use-after-free vulnerability that affects both the WebKit and Blink rendering engines。

法國安全公司Vupen利用一個(gè)Use-After-Free 漏洞攻破了Chrome瀏覽器。這個(gè)漏洞對兩種瀏覽器內(nèi)核WebKit及Blink都有影響。

Safari was defeated by Liang Chen, one of a pair Chinese Keen Team hackers, using a heap-overflow-and-sandbox-bypass combination that took three months to perfect。

來自中國安全研究團(tuán)隊(duì)Keen Team的陳良利用一個(gè)堆溢出及沙箱繞過組合攻破了蘋果的Safari瀏覽器。這個(gè)團(tuán)隊(duì)共用了三個(gè)月時(shí)間來完善這個(gè)組合。

"For Apple, the OS is regarded as very safe and has a very good security architecture," Chen told ThreatPost's Michael Mimoso. "Even if you have a vulnerability, it's very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

“蘋果的OS操作系統(tǒng)被認(rèn)為是非常安全的,具備非常好的安全架構(gòu),”陳良告訴安全信息網(wǎng)站ThreatPost的邁克爾 米莫蘇說。“即使它有漏洞,也很難被攻破。今天我們證明,利用一些先進(jìn)技術(shù),OS操作系統(tǒng)還是可以被攻破。但總體來說,這個(gè)系統(tǒng)的安全性要高于所有其它操作系統(tǒng)。”

Keen Team的陳良(右)正展示Adobe Flash漏洞利用

In a separate interview with CNET, Chen said that OS X is harder to attack than iOS 7.0 because Apple issues security updates for its desktop operating system more frequently than for its mobile OS。

在接受CNET科技資訊網(wǎng)的單獨(dú)采訪時(shí),陳良說道,OS X系統(tǒng)比iOS 7.0更難攻破,因?yàn)樘O果為桌面操作系統(tǒng)提供的安全更新比為移動(dòng)操作系統(tǒng)提供的更為頻繁。

The two-day event, sponsored by Hewlett-Packard (HPQ) and organized by the HP-owned Zero-Day Initiative, paid out $850,000 in prize money to eight teams of competitors, plus another $82,500 in charitable donations. The event was staffed by observers from Apple and the other companies, which will presumably now start patching those holes。

由惠普公司(Hewlett-Packard)贊助、惠普零日計(jì)劃(Zero-Day Initiative)組織的Pwn2Own黑客大賽為期兩天,共為八個(gè)參賽團(tuán)隊(duì)提供了85萬美元的總獎(jiǎng)金,并為慈善機(jī)構(gòu)捐出了8.25萬美元善款。除參賽團(tuán)隊(duì)外,參加這次活動(dòng)的還有許許多多來自蘋果及其它公司的觀察員,他們將在大賽結(jié)束后著手修補(bǔ)這些安全漏洞。

"I think the Webkit fix will be relatively easy," Chen told Mimoso. "The system-level vulnerability is related to how they designed the application; it may be more difficult for them."

“我認(rèn)為Webkit漏洞比較容易修復(fù),”陳良告訴米莫蘇。“而系統(tǒng)級別的漏洞與程序設(shè)計(jì)相關(guān),因此可能更難修復(fù)。”


用戶搜索

瘋狂英語 英語語法 新概念英語 走遍美國 四級聽力 英語音標(biāo) 英語入門 發(fā)音 美語 四級 新東方 七年級 賴世雄 zero是什么意思上海市蓬萊路212弄小區(qū)英語學(xué)習(xí)交流群

網(wǎng)站推薦

英語翻譯英語應(yīng)急口語8000句聽歌學(xué)英語英語學(xué)習(xí)方法

  • 頻道推薦
  • |
  • 全站推薦
  • 推薦下載
  • 網(wǎng)站推薦