I "bug" kwiSafari ikuvumela ukuba uvuze ulwazi kwiakhawunti yakho kaGoogle

I-Apple kunye noGoogle benza i-API edibeneyo kwaye iYurophu iqala ukuyamkela

Ihacker ifumene umngxuma onzima wokhuseleko kuwo safari, Isikhangeli semveli se-Apple, apho ezinye iinkcukacha zabucala zeakhawunti yakho kaGoogle zinokuvuzwa, kubandakanya nembali yokukhangela yamva nje.

Lo msebenzisi sele ekhona yazisa inkampani, ke sinethemba lokuba uhlaziyo lwesikhangeli sexesha elizayo luza kusombulula ingxaki yokhuseleko echongiweyo kungekudala. Siza kube siyibukele.

Kwaqhekeza umnxeba Ushicilelo lweminweJS upapashe kwiifayile zakhe blog ubhaqo okuphazamisayo noko. Umngxuma wokhuseleko kwi-browser ye-Apple Safari, apho ulwazi olubalulekileyo lomsebenzisi lunokuthi "luthutywe" ngaphandle kweMac.

Oku kusilela kubandakanya impazamo ekuphunyezweni kwe IsalathisoDB ye Safari kwi Mac kunye iOS. Oko kuthetha ukuba iwebhusayithi inokubona amagama edatha kuyo nayiphi na isizinda, hayi eyakhe kuphela. Amagama esiseko sedatha angasetyenziselwa ukukhupha ulwazi oluchongayo kwitafile yokujonga. Apha ungabona ukuba isebenza njani le bug yokhuseleko.

Iinkonzo ze Uphando bagcina umzekelo we-IndexedDB kwiakhawunti yakho nganye, kunye negama lesiseko sedatha elihambelana ne-ID yakho yomsebenzisi kaGoogle. Ke usebenzisa i-exploit echazwe kwiposti yebhlog, iwebhusayithi ekhohlakeleyo inokufumana i-ID yakho yomsebenzisi kaGoogle emva koko isebenzise isazisi ukufumana olunye ulwazi lobuqu, kuba i-ID isetyenziselwa ukwenza izicelo ze-API kwiinkonzo zikaGoogle.

Ithumela iimpumlo ukuba kunye nezinye iiphequluli, ezifana chrome, oku akwenzeki, kwaye iwebhusayithi inokubona kuphela i-database eyenzelwe umsebenzisi we-Google wesizinda sayo, kwaye kungekhona enye enye. Ngethemba ukuba iApple iza kuyilungisa kungekudala.

I-Apple ayikayilungisi okwangoku.

I-FingerprintJS ithi sele iyazisile i-Apple malunga nesiphene sokhuseleko kwixesha elidlulileyo 28 ngoNovemba. Iyamangalisa into yokuba ukuza kuthi ga namhlanje ayikalungiswa ngohlaziyo olutsha lweSafari. Kodwa siqinisekile ukuba iza kwenzeka kungekudala.


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa.

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.