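Apple recently issued emergency operating system updates for older products to address two newly discovered 0-day vulnerabilities, CVE-2023-42916 and CVE-2023-42917; users of affected devices should apply the updates immediately. Attackers may already have exploited these two 0-day vulnerabilities in attacks.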
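Both 0-day vulnerabilities reside in the WebKit browser engine used by the built-in browser in Apple's operating systems and are out-of-bounds read vulnerabilities; an attacker can use a specially crafted web page to trigger memory corruption, thereby stealing users' sensitive information or even executing arbitrary code.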
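Apple had already released emergency patches for these two 0-day vulnerabilities for devices running the newer operating systems iOS 17, iPadOS 17 and macOS Sonoma; this release consists of iOS 16.7.3, iPadOS 16.7.3, tvOS 17.2 and watchOS 10.2, providing security updates for the older operating systems, Apple TV and Apple Watch that the previous round did not fix.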
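The Apple products affected by these vulnerabilities are:
iPhone 8 and later, iPad Pro (all models), iPad Air (3rd generation) and later, iPad (5th generation) and later, iPad mini (5th generation) and later;
Apple TV HD and Apple TV 4K (all models);
Apple Watch Series 4 and later.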
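All users still using these Apple products should immediately upgrade the operating system to the latest version to fix these two 0-day vulnerabilities, which have already been used in attacks.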
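Google Play recently began adding a security audit badge to the listings of VPN (virtual private network) apps published on the platform, showing whether the app and its service platform have passed an independent third-party security certification.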
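Google states that to receive this badge in an app's Google Play listing, the app and its service platform must meet the Mobile App Security Assessment (MASA) standard; MASA is the mobile app security certification standard defined by the App Defense Alliance (ADA).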
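The MASA standard imposes fairly strict requirements on the app and its service platform in the areas of data storage, data privacy, cryptography, authentication and session management, network communication, platform interaction and code quality.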
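Google chose VPN apps as the pilot app category for introducing the security audit badge mainly because VPN applications are closely tied to users' security and privacy protection and involve access to users' sensitive information; an app displaying the badge on Google Play has passed a security certification carried out by an independent third party against the MASA standard, giving users an additional layer of protection and trust.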
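Third-party security certification vendors audit the app's source code and its server settings and configuration against the MASA standard, and try to find security bugs and weaknesses in the app, in order to determine whether the app meets the MASA standard and can be awarded the certification badge.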
Because Google Play is the official app store for Android, promoting this badge can have a positive effect on strengthening the security of the Android platform.
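Google currently requires all VPN apps listed on Google Play to pass this certification; VPN apps that have already passed third-party MASA certification and received the badge include Nord VPN, Google One and ExpressVPN, among others.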
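When downloading apps of any kind from Google Play in the future, Android users are advised to choose apps that carry this security certification badge to improve security.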