{"id":19948,"date":"2022-05-02T03:48:04","date_gmt":"2022-05-02T00:48:04","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=19948"},"modified":"2022-05-02T03:48:04","modified_gmt":"2022-05-02T00:48:04","slug":"apple-web-kameralarini-ele-gecirmenin-yolu-bulundu","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=19948","title":{"rendered":"A Way to Hijack Apple Webcams Has Been Found"},"content":{"rendered":"<p><strong>Apple<\/strong> has built a reputation for the value it places on security, but problems in its <strong>Safari<\/strong> browser have stood out in recent years. Most recently, it was revealed that Apple <strong>webcams<\/strong> <strong>and<\/strong> <strong>microphones<\/strong> could be hijacked by exploiting security vulnerabilities in Safari. The company eliminated these vulnerabilities with updates it released in January and March, but before those updates, a single click on a malicious link by an Apple user was enough for their camera to be hijacked.<\/p>\n<p><strong>Ryan<\/strong> <strong>Pickren<\/strong>, the security researcher who uncovered the Apple vulnerabilities, notes that Safari encourages users to save their per-site access permission preferences. For example, when you sign in to Skype, you approve Skype&#39;s permission to access your camera and microphone. 
According to Pickren, creating a <strong>malicious<\/strong> fake website that resembles Skype is seen as a sufficient step for attackers to obtain access permission. If you have previously granted access permission to Skype, <strong>Safari<\/strong> mistakes the fake site for &#39;<strong>Skype<\/strong>&#39; and passes the permissions on to the attacker as well.<\/p>\n<p><b>Small oversights can lead to big problems:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/55\/b16206f529efbbc61f38a63c8c4938da058e92ae.jpeg\"\/><\/p>\n<p>The flaws Pickren found actually stem from very small oversights. For example, in Safari&#39;s lists of access permissions for websites approved by the user, all URL variations are treated as if they were <strong>the same site<\/strong>. In other words, the addresses &#39;<em>https:\/\/www.example.com<\/em>&#39;, &#39;<em>http:\/\/example.com<\/em>&#39; and &#39;<em>fake:\/\/example.com<\/em>&#39; are subject to the same permissions. At this point, Pickren managed to trick Safari by creating malicious sites reached through specially crafted URLs.<\/p>\n<p>A hacker who manages to trick users with a fake link can thereby access the Apple user&#39;s camera and microphone and <strong>record audio or video, or take photos.<\/strong> This attack also applies to all iPhones, iPads and Macs. 
This flaw is not in Apple&#39;s microphone or camera, nor even in Safari&#39;s own defense system. It is a security vulnerability that depends solely on hackers&#39; ability to deceive and that gets around all other safeguards.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/55\/2acb1ee61534744bf09ffdc33658b5b8e19803b0.jpeg\"\/><\/p>\n<p>In mid-December, Pickren reported <strong>seven<\/strong> <strong>security<\/strong> <strong>vulnerabilities<\/strong> to Apple&#39;s &#39;bug bounty&#39; program and received a reply the next day confirming the vulnerabilities. Pickren, who showed that hackers could hijack an Apple device&#39;s webcam using <strong>only three of the vulnerabilities<\/strong>, noticed other related vulnerabilities as he continued his research. The reason was that the researcher was looking into an attack chain that works on both macOS and iOS, because Safari is designed slightly differently on these two operating systems.<\/p>\n<p>In return for reporting the vulnerabilities, Pickren earned a <strong>$75,000<\/strong> reward from Apple.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple has built a reputation for the value it places on security, but problems in its Safari browser have stood out in recent years. 
Most recently, in Safari &#8230;<\/p>\n","protected":false},"author":1,"featured_media":19949,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[3724,889,1125,883,1538],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19948"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19948"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19948\/revisions"}],"predecessor-version":[{"id":19950,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19948\/revisions\/19950"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/19949"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19948"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19948"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19948"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}