{"id":21460,"date":"2022-05-04T22:24:03","date_gmt":"2022-05-04T19:24:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=21460"},"modified":"2022-05-04T22:24:03","modified_gmt":"2022-05-04T19:24:03","slug":"google-tum-apple-aygitlari-etkileyen-bir-acik-kesfetti","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=21460","title":{"rendered":"Google Discovered a Vulnerability Affecting All Apple Devices"},"content":{"rendered":"<p><strong>&#39;Zero-click<\/strong> <strong>vulnerabilities&#39;<\/strong> is a term used to describe vulnerabilities that go unnoticed by developers and are present in a product from the moment it is released. Although vulnerabilities of this kind are common, large vendors in particular rarely make these mistakes. In fact, Apple had previously announced that it would pay a <strong>250 thousand dollar<\/strong> <strong>reward <\/strong>to anyone who found a vulnerability of this kind.<\/p>\n<p>It appears the company will be giving one of these rewards to Google\u2019s <strong>Project Zero <\/strong>team. The zero-click vulnerability the team found is reported to affect iPhones and other <strong>Apple <\/strong>products. A statement on the matter was published on the team\u2019s blog.<\/p>\n<p><b>Vulnerability in Apple products:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/59\/9519404f3979966bef4082a62589f001e49946fe.jpeg\"\/><\/p>\n<p>The <strong>Project Zero<\/strong> team said the problem lies in the <strong>ImageIO <\/strong>framework, which is used to process multimedia. 
This framework is used in all of the iOS, macOS, watchOS and tvOS operating systems, so the problem is present on every device.<\/p>\n<p>When an image or message is sent, ImageIO evaluates its contents on its own and decides <strong>by itself <\/strong>what the file is. Automatic processes of this kind <strong>whet the appetite <\/strong>of hackers, who can hide malicious code in various files.\u00a0<\/p>\n<p>Using a technique called &#39;<em>fuzzing<\/em>&#39;, Google analysts examined how <strong>ImageIO <\/strong>copes with processing malformed images. They then found 6 vulnerabilities in this framework and a further 8 in a third-party application named <strong>OpenEXR<\/strong>.\u00a0<\/p>\n<p><b>Google informed Apple about the vulnerabilities:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/59\/fe11cab508ed75bc224af810a62566856b04d2f2.jpeg\"\/><\/p>\n<p>Although the vulnerabilities could be exploited through third-party messaging applications, the real problem comes from the underlying source those applications depend on. In other words, <strong>Apple <\/strong>has to do something to resolve the problem.\u00a0Google analysts reported the vulnerabilities they discovered to Apple. We know that the company has <strong>closed\u00a0<\/strong>vulnerabilities of this kind in updates it released previously as well. The ImageIO vulnerabilities had been fixed in patches released in January 2020 and April 2020. 
The <strong>OpenEXR <\/strong>issues had been eliminated in the latest update, 2.41.<\/p>\n<p>The researchers note that cutting off certain types of messages would be beneficial for users. Samuel Gross, one of the researchers, said that similar problems persist even though the vulnerabilities the team discovered have been closed.\u00a0It is hardly possible for any operating system to be <strong>completely secure<\/strong>. Security experts and hackers are in a kind of never-ending race. This underlines <strong>the importance of keeping <\/strong>the software we own up to date.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>&#39;Zero-click vulnerabilities&#39;, for describing vulnerabilities that go unnoticed by developers and are present in a product from the moment it is released 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":21461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[3724,889,941,1464],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/21460"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21460"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/21460\/revisions"}],"predecessor-version":[{"id":21462,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/21460\/revisions\/21462"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/21461"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}