{"id":13790,"date":"2022-04-20T19:30:03","date_gmt":"2022-04-20T16:30:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=13790"},"modified":"2022-04-20T19:30:03","modified_gmt":"2022-04-20T16:30:03","slug":"mac-kullanicilarinin-kapaliligini-riske-atan-guvenlik-acigi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=13790","title":{"rendered":"Security Vulnerability That Puts Mac Users&#39; Privacy at Risk"},"content":{"rendered":"<p>Recently, a new security vulnerability was identified on Mac computers. Exploiting this vulnerability, the hacker group <strong>Lazarus<\/strong>, notorious for its malicious activities, is violating users&#39; privacy with insidious malware. Seeking to infect Mac users with the software, the group, in order to hide from antivirus programs, <strong>uses a technique that does not store the software on the hard disk.<\/strong><\/p>\n<p>The malicious hacker group Lazarus made headlines in 2017 with ransomware targeting Microsoft users. 
Using this malware, the group infiltrated many people&#39;s computers and collected ransom from them in the bitcoin currency.<\/p>\n<p><b>It does not reside on the hard disk<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/33\/fba493fb23204849960c3604d0df3f0a513015da.jpeg\"\/><\/p>\n<p>According to information shared by Mac security expert Patrick Wardle, this software <strong>infiltrates memory and operates without leaving any trace on the device&#39;s hard disk.<\/strong> Because the malicious code is loaded into memory without being written to the hard disk, antivirus programs are prevented from detecting it: there is no file to detect.<\/p>\n<p><b>More programs are able to detect the software<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/33\/766987380b79e815b32ca4a7622d14cd03f06365.jpeg\"\/><\/p>\n<p>Still, there is a glimmer of hope for solving the problem. The software is not actually entirely fileless. In the first stage of the infection, under the name &#39;UnionCryptoTrader.dmg&#39;, <strong>a cryptocurrency application is installed on the computer<\/strong>. According to VirusTotal, <strong>17<\/strong> of 57 virus detection programs can currently detect this malware. 
Earlier, when the virus first made the news at the start of this week,<strong> this number was only two.<\/strong><\/p>\n<p>Researchers are said to believe that Lazarus is behind this malware because the ghost software&#39;s property list and binary are stored in the application&#39;s resource directory. This technique is known in particular for its use by the Lazarus group.<\/p>\n<p>Patrick Wardle wrote the following on his blog about the matter: <em>&#8220;Since the layout of an in-memory process image differs from the image on disk, a file cannot simply be copied into memory and executed directly. Instead, APIs such as &#39;NSCreateObjectFileImageFromMemory&#39; and &#39;NSLinkModule&#39; must be used.&#8221;<\/em><\/p>\n<p>The software mostly targets users who trade cryptocurrency. What you need to do to stay away from the software and protect yourself is simple: make sure you do not download suspicious software from the internet.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Recently, a new security vulnerability was identified on Mac computers. 
Exploiting this vulnerability and notorious for its malicious activities, the hacker &#8230;<\/p>\n","protected":false},"author":1,"featured_media":13791,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[1948,1237,1713],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/13790"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13790"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/13790\/revisions"}],"predecessor-version":[{"id":13792,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/13790\/revisions\/13792"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/13791"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}