用户名: 密码: 验证码:    注册 | 忘记密码?
首页|听力资源|每日听力|网络电台|在线词典|听力论坛|下载频道|部落家园|在线背单词|双语阅读|在线听写|普特网校
您的位置:主页 > 英语能力 > 翻译 > 笔译 > 练习材料 > 科技 >

中国黑客攻破苹果Safari浏览器

2014-04-09    来源:网络    【      美国外教 在线口语培训

来自中国安全研究团队Keen Team在上周的黑客大赛中攻克了公认最安全的苹果浏览器Safari,赢得了4万美元的奖金。团队成员表示,其中部分奖金将捐献出来,救助马航失联客机MH370乘客的家属。

Everybody's Web software got "pwned" at the Pwn2Own hackers conference this week: Apple's (AAPL) Safari, Google's (GOOG) Chrome, Microsoft's (MSFT) Internet Explorer, Mozilla's Firefox and Adobe's (ADBE) Reader and Flash.
上周举行的Pwn2Own黑客大赛中,所有网络软件包括苹果(Apple)Safari浏览器、谷歌(Google)Chrome浏览器、微软(Microsoft)的IE浏览器、Mozilla公司的火狐浏览器(Firefox),以及Adobe公司的PDF阅读器(Adobe Reader)及浏览器插件Adobe Flash都被黑客彻底攻破。

Chrome was hacked by a French team from Vupen Security with a use-after-free vulnerability that affects both the WebKit and Blink rendering engines.
法国安全公司Vupen利用一个Use-After-Free 漏洞攻破了Chrome浏览器。这个漏洞对两种浏览器内核WebKit及Blink都有影响。

Safari was defeated by Liang Chen, one of a pair Chinese Keen Team hackers, using a heap-overflow-and-sandbox-bypass combination that took three months to perfect.
来自中国安全研究团队Keen Team的陈良利用一个堆溢出及沙箱绕过组合攻破了苹果的Safari浏览器。这个团队共用了三个月时间来完善这个组合。

"For Apple, the OS is regarded as very safe and has a very good security architecture," Chen told ThreatPost's Michael Mimoso. "Even if you have a vulnerability, it's very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."
“苹果的OS操作系统被认为是非常安全的,具备非常好的安全架构,”陈良告诉安全信息网站ThreatPost的迈克尔•米莫苏说。“即使它有漏洞,也很难被攻破。今天我们证明,利用一些先进技术,OS操作系统还是可以被攻破。但总体来说,这个系统的安全性要高于所有其它操作系统。”


Keen Team的陈良(右)正展示Adobe Flash漏洞利用

In a separate interview with CNET, Chen said that OS X is harder to attack than iOS 7.0 because Apple issues security updates for its desktop operating system more frequently than for its mobile OS.
在接受CNET科技资讯网的单独采访时,陈良说道,OS X系统比iOS 7.0更难攻破,因为苹果为桌面操作系统提供的安全更新比为移动操作系统提供的更为频繁。

The two-day event, sponsored by Hewlett-Packard (HPQ) and organized by the HP-owned Zero-Day Initiative, paid out $850,000 in prize money to eight teams of competitors, plus another $82,500 in charitable donations. The event was staffed by observers from Apple and the other companies, which will presumably now start patching those holes.
由惠普公司(Hewlett-Packard)赞助、惠普零日计划(Zero-Day Initiative)组织的Pwn2Own黑客大赛为期两天,共为八个参赛团队提供了85万美元的总奖金,并为慈善机构捐出了8.25万美元善款。除参赛团队外,参加这次活动的还有许许多多来自苹果及其它公司的观察员,他们将在大赛结束后着手修补这些安全漏洞。

"I think the Webkit fix will be relatively easy," Chen told Mimoso. "The system-level vulnerability is related to how they designed the application; it may be more difficult for them."
“我认为Webkit漏洞比较容易修复,”陈良告诉米莫苏。“而系统级别的漏洞与程序设计相关,因此可能更难修复。”



顶一下
(0)
0%
踩一下
(0)
0%
手机上普特 m.putclub.com 手机上普特
[责任编辑:elly]
------分隔线----------------------------
发表评论 查看所有评论
请自觉遵守互联网政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
用户名: 密码: 验证码:
  • 推荐文章
  • 资料下载
  • 讲座录音
普特英语手机网站
用手机浏览器输入m.putclub.com进入普特手机网站学习
查看更多手机学习APP>>