
Developer discovers that Apple's M1 chip has a security vulnerability that cannot be fixed

buzzbee wrote:
Scared me to death, ordering another one (snipped)


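Stimulate the economy to save Apple, er, no, it should be stimulate the economy to save Taiwan (the production lines).
First-rate people focus on open-source work for the future, second-rate people focus on stagnant work that is being phased out, third-rate people only work on problems in progress, fourth-rate people only huddle in their echo chamber and play dumb.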
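9to5Mac actually covered this. Basically, this vulnerability is not really harmful; it is only called a vulnerability because it bypasses some behavior that the processor design was originally supposed to prevent.

Basically, this vulnerability cannot bypass the sandbox and cannot attack normal software, and automatically detecting software that exploits it, to keep it from being published on the official App Store, would not be very hard either. Using it requires two pieces of software (viruses or adware) that have colluded in advance before they can exchange messages with each other. But if two pieces of software you casually downloaded from the internet are colluding, there are infinitely many ways for them to exchange messages, so in practice it has no real impact.

The main feature of this news story is that the discoverer deliberately imitated the way other developers have lately liked to set up a slick introductory website when disclosing a vulnerability, somewhat mocking the security community's bad habit of exaggerating or using sensational headlines.

Below is 9to5Mac's excerpt of that website's humorous Q&A: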

Can malware use this vulnerability to take over my computer?
No.

Can malware use this vulnerability to steal my private information?
No.

Can malware use this vulnerability to rickroll me?
Yes. I mean, it could also rickroll you without using it.

Can this be exploited from Javascript on a website?
No.

Can this be exploited from Java apps?
Wait, people still use Java?

Can this be exploited from Flash applets?
Please stop.

Can I catch BadBIOS from this vulnerability?
No.

Wait, is this even real?
It is.

So what’s the real danger?
If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way. Chances are it could communicate in plenty of expected ways anyway.

That doesn’t sound too bad.
Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals. Apple could catch them if they tried, though, for App Store apps. Wait. Oh no. Some game developer somewhere is going to try to use this as a synchronization primitive, aren’t they. Please don’t. The world has enough cursed code already. Don’t do it. Stop it. Noooooooooooooooo […]

So what’s the point of this website?
Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn’t mean you need to care. If you’ve read all the way to here, congratulations! You’re one of the rare people who doesn’t just retweet based on the page title :-)
kkk123kkk123kkk wrote:
9to5Mac actually (snipped)


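This reminds me of a recruitment show I watched before called 非你莫屬.

A security guy who called himself a hacker went to apply.

He said he had found a security vulnerability in a certain major platform.

When pressed, it turned out he said he had found the admin back-end URL....

Then someone in the audience asked: so can you log in?

He answered: without a username and password, you can't log in.


.........

There really has to be a limit to stupidity.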
貓老闆
kahnmao wrote:
This reminds me of, I watched before (snipped)


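Actually, the discoverer did not know at first that it was a vulnerability either, and had earlier said on Twitter that it was a newly discovered processor feature; only after asking Apple did the discoverer learn it was not a new feature. However, the discoverer also said Apple was very lucky that this faulty processor feature still responds to sandbox mode; otherwise it would be a completely different class of security problem.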
劍心san wrote:
Apple's M1 chip and A14 chip both have the same vulnerability; I wonder how the M2 chip will turn out.....?


Passed down from generation to generation, so shouldn't this be called a backdoor?