September 24, hosted by the 360 top international companies SyScan360 Technical Conference held in Beijing, "Prison Break Great God" Stefan Esser (tree people) as a guest, published titled "Talk iOS6 exploits and ios7 safety improvements" on the topic. During the presentation, Stefan Esser details posix_spawn () vulnerability, and how to transform it into a more serious than the leakage of information security vulnerabilities and introduces iOS7 system safety-related improvements.
Stefan Esser first said , posix_spawn information leak vulnerability endanger not only simple , but more powerful spwan / implementation process of the method, which exists to this vulnerability is classified as a kernel heap information leakage vulnerability. And if in place outside the buffer write data can lead to more serious than the information disclosure harm. In the next lecture , Stefan Esser as honored guests try to explain their process and find a key node operation.
Then Stefan Esser to introduce a iOS7 changes in security , he said that lists all the security changes are very difficult, and the growth over time , there will be more security improvements was discovered . The first is the change in the kernel , the old version of the iOS system, through a more sophisticated way to prevent memory in a simple binary detection . The iOS 7 further , changing the actual structure of the system call table . Apple doing so can achieve the purpose of security protection is not clear, but it does make all publicly failure detection .
Aspects of the system call iOS6 also has some unsatisfactory places, such potential attacks have been tampered nsys variables , resulting in a variable has been tampered with to allow access memory outside the table , perform an illegal system call will cause execution hijacking code. iOS7 on nsys variables by removing access to fix this problem, and now with the system calls related content is hard-coded into the code , thereby reducing the risk of its being tampered with .
In addition , Stefan Esser also said yesterday Congress Mobile Security Forum guests demonstration of the " charger with malicious intrusion iPhone" approach , in iOS7 already no longer applicable. "IOS 7 adds a pop-up menu of measures to cut off the charger malicious iOS device via a USB port and attempts to match ."
SyScan360 by the forward-looking information security technology SyScan annual meetings with China 's largest Internet security companies jointly organized 360 international top security technology summit , will be held September 24 to 25 in Beijing with China's first Internet security conference held concurrently . During the two -day meeting , not only security experts from around the world to speak , SyScan360 conference organizers also carefully introduced " hacking challenge " for the rapid success of electronic badges master hacker crack prizes .
Related post:
How to Transfer iPhone MUSIC to Mac Before iOS 7 Update
Backup iPhone Files to Mac before Update iPhone to iOS 7
How to Transfer Data from Old iPhone to iPhone 5S
No comments:
Post a Comment