{"id":3478,"date":"2015-09-28T02:32:39","date_gmt":"2015-09-28T02:32:39","guid":{"rendered":"http:\/\/www.kaspersky.com.cn\/blog\/?p=3478"},"modified":"2020-02-27T00:17:46","modified_gmt":"2020-02-26T16:17:46","slug":"security-week-39-xcodeghost-the-leak-of-d-link-certificates-1m-for-bugs-in-ios9","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.cn\/blog\/security-week-39-xcodeghost-the-leak-of-d-link-certificates-1m-for-bugs-in-ios9\/3478\/","title":{"rendered":"\u300a\u5b89\u5168\u5468\u62a5\u300b\u7b2c39\u671f\uff1aXcodeGhost\u75c5\u6bd2\u3001D-Link\u8bc1\u4e66\u6cc4\u9732\u53ca100\u4e07\u7f8e\u5143\u60ac\u8d4f\u4eceios 9\u627e\u51fabug"},"content":{"rendered":"<p>\u5728\u5f00\u59cb\u672c\u5468\u65b0\u4e00\u671f\u7684\u300a\u5b89\u5168\u5468\u62a5\u300b\u4e4b\u524d\uff0c\u6211\u60f3\u5148\u8bf4\u51e0\u6761\u4e0e\u4fe1\u606f\u5b89\u5168\u65e0\u5173\u7684\u65b0\u95fb\u3002\u5927\u4f17\u67f4\u6cb9\u8f66\u88ab\u53d1\u73b0\u6c61\u67d3\u7269\u6392\u653e\u8fdc\u8d85\u6d4b\u8bd5\u4e2d\u663e\u793a\u7684\u6570\u503c\u3002 <post href=\"https:\/\/www.facebook.com\/photo.php?fbid=10207849611587291&amp;set=a.3500201512830.163580.1505449516&amp;type=3\"><\/post> \u5728\u6700\u7ec8\u8c03\u67e5\u7ed3\u679c\u51fa\u6765\u4e4b\u524d\uff0c\u6211\u5e76\u4e0d\u60f3\u5bf9\u8fd9\u6761\u65b0\u95fb\u591a\u505a\u8bc4\u8bba\u3002\u8fd9\u6761\u65b0\u95fb\u8868\u660e\u8f6f\u4ef6\u5728\u5982\u4eca\u5168\u7403\u5404\u4e2a\u9886\u57df\u90fd\u626e\u6f14\u4e86\u4e3e\u8db3\u8f7b\u91cd\u7684\u89d2\u8272\uff1a\u4e8b\u5b9e\u8bc1\u660e\u53ea\u9700\u5bf9\u4ee3\u7801\u8fdb\u884c\u5fae\u8c03\uff0c\u5c31\u80fd\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u6539\u53d8\u91cd\u8981\u7279\u6027\uff0c\u4e14\u4e0d\u4e3a\u4eba\u6240\u5bdf\u89c9\u3002 \u636e<u><a href=\"http:\/\/www.wired.com\/2015\/09\/vw-fool-epa-couldnt-trick-chemistry\/\" target=\"_blank\" rel=\"noopener nofollow\">Wired<\/a><\/u>\u62a5\u9053\uff0c\u6c7d\u8f66\u5382\u5546\u8981\u60f3\u63a9\u9970\u66f4\u9ad8\u6392\u653e\u6c34\u5e73\u5e76\u975e\u96be\u4e8b\u3002\u4f60\u77e5\u9053\u8f66\u8f86\u662f\u5982\u4f55\u5728\u5b9e\u9a8c\u5ba4\u5185\u8fdb\u884c\u6d4b\u8bd5\u7684\u5417\uff1f\u9996\u5148\u5c06\u8f66\u8f86\u653e\u7f6e\u5728\u4e00\u53f0\u6a21\u62df\u9053\u8def\u884c\u9a76\u7684\u88c5\u7f6e\u4e0a\uff0c\u968f\u540e\u8e29\u4e0b\u6cb9\u95e8\uff0c\u4efb\u51ed\u8f66\u8f6e\u98de\u901f\u8f6c\u52a8\uff0c\u7136\u540e\u5bf9\u5e9f\u6c14\u6392\u653e\u8fdb\u884c\u5206\u6790\u3002 \u8f66\u8f86\u5728\u5b9e\u9a8c\u5ba4\u6d4b\u8bd5\u4e0e\u771f\u5b9e\u9053\u8def\u884c\u9a76\u6709\u4f55\u533a\u522b\u5462\uff1f\u533a\u522b\u5728\u4e8e\u524d\u8005\u5e76\u672a\u4f7f\u7528\u5230\u65b9\u5411\u76d8\u3002\u8fd9\u610f\u5473\u7740\u53ef\u4ee5\u4e3a\u5355\u4e00\u73af\u5883\u8fdb\u884c\u7f16\u7a0b\uff1a\u5373\u65e0\u4eba\u9a7e\u9a76\u7684MOT\u6d4b\u8bd5\u7ad9\u73af\u5883\u3002\u5c3d\u7ba1\u8fd9\u4e00\u201d\u9ed1\u5ba2\u5165\u4fb5\u201d\u65b9\u6cd5\u5076\u7136\u95f4\u88ab\u53d1\u73b0\uff0c\u4f46\u6211\u8ba4\u4e3a\u8fd9\u8fdf\u65e9\u4f1a\u53d1\u751f\u7684\u3002 <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Volkswagen says emissions deception actually affects 11 million cars <a href=\"http:\/\/t.co\/8Z0MMR6kBO\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/8Z0MMR6kBO<\/a><\/p>\n<p>\u2014 WIRED (@WIRED) <a href=\"https:\/\/twitter.com\/WIRED\/status\/646493205085749248?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> \u8fd9\u91cc\u518d\u6b21\u91cd\u7533\uff0c\u9664\u975e\u6574\u4e2a\u4e8b\u4ef6\u88ab\u5b8c\u5168\u6f84\u6e05\uff0c\u5426\u5219\u514d\u4e0d\u4e86\u4eba\u4eec\u7684\u5404\u79cd\u731c\u60f3\u3002\u5982\u679c\u5927\u4f17\u67f4\u6cb9\u8f66\u7684\u5e9f\u6c14\u6392\u653e\u5206\u6790\u84c4\u610f\u4e3a\u4e4b\uff0c\u90a3\u6c7d\u8f66\u5236\u9020\u5546\uff08\u6216\u8d1f\u8d23\u8f6f\u4ef6\u7f16\u7a0b\u7684\u5de5\u4f5c\u4eba\u5458\uff09\u5c06\u96be\u548e\u5176\u804c\u3002\u90a3\u6709\u53ef\u80fd\u662f\u4e00\u4e2a\u8bef\u4f1a\u5417\uff1f\u5f53\u7136\u6709\u53ef\u80fd\u3002\u5728\u4eca\u5929 <u><a href=\"https:\/\/threatpost.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost.com<\/a><\/u>\u4e0a\u7684\u6bcf\u5468\u6587\u6458\u4e2d\uff0c\u6211\u4eec\u5c06\u5e26\u6765\u51e0\u4e2a\u6709\u5173\u5404\u79cd\u7f16\u7801\u9519\u8bef\u7684\u65b0\u95fb\u6545\u4e8b\uff0c\u5176\u76ee\u7684\u5404\u4e0d\u76f8\u540c\uff0c\u751a\u81f3\u8fd8\u7528\u6765\u8d5a\u53d6\u4e0d\u4e49\u4e4b\u8d22\u3002\u70b9\u51fb<u><a href=\"https:\/\/www.kaspersky.com.cn\/blog\/?s=%E5%AE%89%E5%85%A8%E5%91%A8&amp;submit=Search\" target=\"_blank\" rel=\"noopener\">\u8fd9\u91cc<\/a><\/u>\u9605\u8bfb\u66f4\u591a\u65b0\u95fb\u6545\u4e8b\u3002 <strong>D-Link<\/strong><strong>\u65e0\u610f\u4e2d\u6cc4\u9732\u6570\u5b57\u8bc1\u4e66<\/strong> <u>\u65b0\u95fb<\/u>\u3002\u8377\u5170\u7f51\u7ad9Tweakers.net\u6700\u8fd1\u53d1\u5e03<a href=\"https:\/\/threatpost.com\/d-link-accidentally-leaks-private-code-signing-keys\/114727\/\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/threatpost.com\/d-link-accidentally-leaks-private-code-signing-keys\/114727\/<\/a>\u4e86\u4e00\u4efd\u8be6\u7ec6\u7684\u7814\u7a76\u62a5\u544a\uff0c\u5e76\u9644\u6709<a href=\"https:\/\/translate.google.com\/translate?act=url&amp;depth=1&amp;hl=nl&amp;ie=utf8&amp;nv=1&amp;prev=_t&amp;rurl=translate.google.com&amp;sl=nl&amp;tl=en&amp;u=http:\/\/tweakers.net\/nieuws\/105137\/d-link-blundert-met-vrijgeven-privesleutels-van-certificaten.html\" target=\"_blank\" rel=\"noopener nofollow\">\u591a\u4e2a\u8bed\u8a00<\/a>\u7684\u7248\u672c\uff08Google\u7ffb\u8bd1\uff09\u3002 \u60f3\u8c61\u4f60\u662f\u4e00\u5bb6\u5236\u9020\u5404\u79cd\u7f51\u7edc\u8bbe\u5907\u7684\u751f\u4ea7\u5546\uff0c\u4ea7\u54c1\u4ece\u8def\u7531\u5668\u5230\u76d1\u89c6\u6444\u50cf\u5934\u65e0\u6240\u4e0d\u5305\u3002\u6b64\u5916\uff0c\u4f60\u8fd8\u9700\u8981\u4e3a\u81ea\u5df1\u7684\u8bbe\u5907\u914d\u5907\u56fa\u4ef6\u3001\u9a71\u52a8\u3001\u8f6f\u4ef6\u3001\u56fa\u4ef6\u5347\u7ea7\u8f6f\u4ef6\u548c\u9a71\u52a8\u5347\u7ea7\u8f6f\u4ef6\u7b49\u7b49\u3002\u800c\u6240\u6709\u8fd9\u4e9b\u5747\u4fdd\u5b58\u5728\u4e86\u4e00\u53f0\u79d8\u5bc6\u670d\u52a1\u5668\u4e0a\u7684\u201d\u5de5\u4f5c\u6d41\u7a0b\u201d\u6587\u4ef6\u5939\u5185\u3002\u6839\u636e\u5de5\u4f5c\u65e5\u7a0b\u5b89\u6392\uff0c\u6240\u6709\u7a0b\u5e8f\u548c\u8f6f\u4ef6\u88ab\u5347\u7ea7\u3001\u5206\u914d\u548c\u4e0a\u4f20\u5230\u5404\u5347\u7ea7\u670d\u52a1\u5668\u4e0a\uff0c\u968f\u540e\u8fd9\u4e9b\u66f4\u65b0\u7a0b\u5e8f\u518d\u7ecf\u8fc7\u6807\u8bb0\u5e76\u6700\u7ec8\u53d1\u9001\u5230\u5404\u4e2a\u7528\u6237\u8bbe\u5907\u3002\u6574\u4e2a\u6d41\u7a0b\u76f8\u5f53\u987a\u7545\uff0c\u4e0d\u662f\u5417\uff1f <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">D-Link Accidentally Leaks Private Code-Signing Keys \u2013 <a href=\"http:\/\/t.co\/0mmP6Mm5wv\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/0mmP6Mm5wv<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/644879493614698496?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 18, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> \u6beb\u65e0\u7591\u95ee\uff0c\u4ec5\u901a\u8fc7\u624b\u52a8\u64cd\u4f5c\u65e0\u6cd5\u7ba1\u7406\u6574\u4e2a\u786c\u4ef6\u5b58\u8d27\u6e05\u5355\uff0c\u8fd8\u9700\u8981\u7528\u5230\u811a\u672c\u3002\u5728\u6211\u4eec\u83b7\u5f97\u65b0\u7684\u4ee3\u7801\u7247\u6bb5\uff0c\u5219\u9700\u8981\u8fd0\u884c.bat\u6587\u4ef6\uff08Shell\u811a\u672c\u6216Python\u811a\u672c\uff0c\u968f\u4fbf\u4ec0\u4e48\uff09\uff0c\u968f\u540e\u5c06\u4ee3\u7801\u5206\u914d\u5230\u6307\u5b9a\u6587\u4ef6\u5939\u5185\uff0c\u6574\u4e2a\u8fc7\u7a0b\u5373\u544a\u5b8c\u6210\uff0c\u4e0d\u4f1a\u51fa\u73b0\u4efb\u4f55\u5dee\u9519\u3002 \u800c\u6709\u4e2a\u53ebJack\u7684D-Link\u5185\u90e8\u5de5\u7a0b\u5e08\u51b3\u5b9a\u4ece\u6839\u672c\u4e0a\u6539\u5584\u6574\u4e2a\u811a\u672c\uff0c\u4ed6\u5728\u6b64\u4e4b\u524d\u5df2\u591a\u6b21\u5bf9\u811a\u672c\u8fdb\u884c\u4e86\u6d4b\u8bd5\u5e76\u5f97\u5230\u6ee1\u610f\u7684\u7ed3\u679c\u3002\u8fd9\u4e5f\u5bfc\u81f4\u4e86bug\u7684\u4ea7\u751f\u3002\u8d1f\u8d23\u9009\u62e9\u5408\u9002\u66f4\u65b0\u6587\u4ef6\u6216\u6587\u4ef6\u5939\u7684\u4e00\u884c\u4ee3\u7801\u5e76\u4e0d\u5305\u62ec\u7834\u6298\u53f7\u6216\u53e6\u5916\u7684\u62ec\u53f7\u2013\u5e76\u4e14\u5176\u4e2d\u7684\u91cd\u8981\u6570\u636e\u5916\u6cc4\u5230\u4e86\u516c\u5171\u9886\u57df\u4e14\u901a\u8fc7\u7535\u90ae\u53d1\u9001\u7ed9\u4e86\u6570\u4e0d\u6e05\u7684\u7528\u6237\u3002 <\/p><blockquote class=\"twitter-pullquote\"><p>Security Week 39: #XcodeGhost, the leak of #D-Link certificates, $1M for #bugs in #iOS9<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FNJ3d&amp;text=Security+Week+39%3A+%23XcodeGhost%2C+the+leak+of+%23D-Link+certificates%2C+%241M+for+%23bugs+in+%23iOS9\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote> \u5f53\u7136\uff0c\u6211\u7684\u7406\u89e3\u5e76\u4e0d\u4e00\u5b9a100%\u51c6\u786e\u2013\u4e5f\u53ef\u80fd\u662f\u9519\u7684\u3002\u4f46\u8fd9\u7684\u7684\u786e\u786e\u53d1\u751f\u4e86\uff1a\u6709\u4e00\u540d\u5e73\u65f6\u8c28\u5c0f\u614e\u5fae\u7684\u7528\u6237\u5728\u4e3a\u5176D-Link\u6444\u50cf\u5934\u4e0b\u8f7d\u56fa\u4ef6\u66f4\u65b0\u65f6\uff0c\u6ce8\u610f\u542b\u4f9b\u5e94\u5546\u8f6f\u4ef6\u79c1\u4eba\u5bc6\u94a5\u7684\u5b58\u6863\u6587\u4ef6\u3002\u5728\u5b58\u6863\u6587\u4ef6\u5185\u5b58\u6709\u591a\u4e2a\u8bc1\u4e66\uff0c\u5c3d\u7ba1\u5176\u4e2d\u4e00\u4e9b\u5df2\u7ecf\u8fc7\u671f\uff0c\u4f46\u6709\u4e00\u4e2a\u57289\u67083\u65e5\u624d\u521a\u521a\u8fc7\u671f\u4e0d\u4e45\u3002 \u4f46\u95ee\u9898\u662f\u8be5\u5bc6\u94a5\u65e9\u5728<strong>6<\/strong><strong>\u4e2a\u6708<\/strong>\u4e4b\u524d\u5c31\u5df2\u5916\u6cc4\uff0c\u56e0\u800c\u5728\u8fd9\u4e4b\u524d\uff0c\u53ef\u4ee5\u7528\u6765\u5bf9\u4efb\u4f55\u8f6f\u4ef6\u8fdb\u884c\u7b7e\u540d\u2013\u5305\u62ec\u6076\u610f\u8f6f\u4ef6\u3002\u8fd9\u663e\u7136\u662f\u4e2a\u5931\u8bef\uff0c\u4e0d\u4ec5\u4e22\u8138\u8fd8\u76f8\u5f53\u5371\u9669\u3002\u6211\u4eec\u76ee\u524d\u8fd9\u4e2a\u6570\u5b57\u65f6\u4ee3\uff0c\u4e00\u4e32\u7531512\u4e2a\u6570\u5b57\u7ec4\u6210\u7684\u5b57\u7b26\u5c31\u4ee3\u8868\u4e86\u4e00\u5207\uff1a\u80fd\u611f\u67d3\u6570\u767e\u4e07\u53f0\u8ba1\u7b97\u673a\u7684\u5bc6\u94a5\u3001\u4e00\u5927\u7b14\u865a\u62df\u8d27\u5e01\u8d22\u5bcc\u6216\u8005\u673a\u5bc6\u8d44\u6599\u7684\u8bbf\u95ee\u4ee3\u7801\u3002 \u4f46\u4e0e\u6b64\u540c\u65f6\uff0c512\u4e2a\u5b57\u8282\u53ea\u662f\u4f60\u786c\u76d8\u201d\u6d69\u701a\u6d77\u6d0b\u4e2d\u7684\u4e00\u7c92\u6c99\u201d\uff0c\u5f88\u5bb9\u6613\u88ab\u6e05\u9664\u800c\u8fdb\u5165\u5230\u516c\u5171\u9886\u57df\u5185\u3002\u6211\u4eec\u552f\u4e00\u7684\u5e0c\u671b\u5c31\u662f\u6ca1\u4eba\u6ce8\u610f\u5230\u8fd9\u4e2a\u9519\u8bef\u2013\u800c\u60c5\u51b5\u5e38\u5e38\u5982\u6b64\u3002\u4f46\u5076\u5c14\u4e5f\u4f1a\u6709\u4eba\u53d1\u73b0\u2013\u5728\u8fd9\u6837\u7684\u60c5\u51b5\u4e0b\uff0c\u5c3d\u7ba1\u6ca1\u6709\u4eba\u4f1a\u6545\u610f\u5bfb\u627e\u6076\u610f\u8f6f\u4ef6\uff0c\u4f46\u8fd8\u662f\u4f1a\u6709\u4eba\u5229\u7528\u4efb\u4f55\u5916\u6cc4\u7684\u5bc6\u94a5\u4ece\u4e8b\u4e00\u4e9b\u4e0d\u6cd5\u6d3b\u52a8\u3002 <strong>\u8ba9\u82f9\u679c<\/strong><strong>IED<\/strong><strong>\u7684\u4e66\u7b7e\u611f\u67d3<\/strong><strong>XcodeGhost<\/strong><strong>\u75c5\u6bd2<\/strong> <u><a href=\"https:\/\/threatpost.com\/xcodeghost-ios-malware-contained\/114745\/\" target=\"_blank\" rel=\"noopener nofollow\">\u65b0\u95fb<\/a><\/u>\u3002Palo Alto<u><a href=\"http:\/\/researchcenter.paloaltonetworks.com\/2015\/09\/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store\/#appendix\" target=\"_blank\" rel=\"noopener nofollow\">\u7814\u7a76<\/a><\/u>\u3002\u53d7\u5f71\u54cd\u5e94\u7528<u><a href=\"http:\/\/www.macrumors.com\/2015\/09\/24\/xcodeghost-top-25-apps-apple-list\/\" target=\"_blank\" rel=\"noopener nofollow\">\u6e05\u5355<\/a><\/u>\u3002\u82f9\u679c\u5b98\u65b9<u><a href=\"http:\/\/www.apple.com\/cn\/xcodeghost\/\" target=\"_blank\" rel=\"noopener nofollow\">\u58f0\u660e<\/a><\/u>\uff08\u53ef\u60dc\u53ea\u6709\u4e2d\u6587\u7248\uff09\u3002 \u60f3\u8c61\u4f60\u662f\u4e00\u540d\u4e2d\u56fdiOS\u5e94\u7528\u5f00\u53d1\u8005\u3002\u4e0d\u7528\u60f3\u592a\u591a\uff0c\u4e2d\u56fd\u5f00\u53d1\u8005\u4f7f\u7528\u7684\u5de5\u5177\u4e0e\u5168\u4e16\u754c\u5176\u4ed6\u56fd\u5bb6\u7684\u5f00\u53d1\u8005\u5e76\u65e0\u5dee\u522b\u3002\u53ea\u9700\u7a0d\u5fae\u52a0\u5165\u4e9b\u5730\u57df\u7279\u8272\u5373\u53ef\u3002\u6bd4\u65b9\u8bf4\uff0c\u4f60\u4e70\u4e86\u4e00\u53f0\u5d2d\u65b0\u7684Mac\u7535\u8111\uff0c\u5b89\u88c5\u5b8cXcode framework\u540e\u5373\u5f00\u59cb\u7f16\u7801\u3002 \u8fd9\u5b8c\u5168\u6ca1\u6709\u95ee\u9898\uff0c\u4f46\u9664\u4e86\u6709\u4e00\u70b9\uff1a\u4ece\u82f9\u679c\u5b98\u7f51\u4e0b\u8f7d\u514d\u8d39\u7248Xcode framework\u7684\u901f\u5ea6\u76f8\u5f53\u7f13\u6162\u2013\u8fd9\u4e3b\u8981\u662f\u56e0\u4e3a\u6709\u201d\u9632\u706b\u957f\u57ce\u201d\u5b58\u5728\u3002\u800c\u4ece\u4e2d\u56fd\u672c\u5730\u7f51\u7ad9\u4e0b\u8f7d\u5219\u76f8\u6bd4\u4e4b\u4e0b\u901f\u5ea6\u66f4\u5feb\u4e5f\u66f4\u7b80\u5355\u2013\u6709\u4ec0\u4e48\u533a\u522b\u5417\uff1f\u53cd\u6b63\u90fd\u662f\u514d\u8d39\u7684\u3002 <img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151146\/security-week-39-FB.jpg\" alt=\"\" width=\"1600\" height=\"1600\"> \u800c\u5b8c\u5168\u51fa\u4e4e\u610f\u6599\u7684\u662f\uff0c\u4e00\u4e9b\u5e94\u7528\uff08\u5305\u62ec\u6d41\u884c\u548c\u975e\u4e3b\u6d41\uff09\u88ab\u690d\u5165\u4e86\u6076\u610f\u4ee3\u7801\uff0c\uff08\u6700\u4f4e\u7a0b\u5ea6\uff01\uff09\u5c06\u5173\u4e8e\u8bbe\u5907\u7684\u6570\u636e\u53d1\u9001\u5230\u8fdc\u7a0bC&amp;C\u670d\u52a1\u5668\u3002\u6700\u7cdf\u7cd5\u7684\u60c5\u51b5\u5219\u662f\u8bbe\u5907\u63a5\u53d7\u6765\u81ea\u9ed1\u5ba2\u670d\u52a1\u5668\u7684\u547d\u4ee4\uff0c\u5bf9\u7528\u6237\u8fdb\u884c\u75c5\u6bd2\u611f\u67d3\u5e76\u5bf9iOS\u6f0f\u6d1e\u5229\u7528\u3002 \u4e8b\u5b9e\u4e0a\u5728Xcode\u4e2d\u6587\u7248\u53ca\u591a\u4e2a\u53d1\u884c\u7248\u4e2d\u90fd\u53d1\u73b0\u4e86\u6076\u610f\u4ee3\u7801\u3002\u8fd9\u8868\u660e\u662f\u6709\u9ed1\u5ba2\u6709\u610f\u800c\u4e3a\u4e4b\u3002\u56e0\u6b64\u4e8b\u5b9e\u4e0a\u60c5\u51b5\u66f4\u4e3a\u7cdf\u7cd5\uff1a\u4e0d\u4ec5\u4ec5\u662f\u50cf\u5fae\u4fe1\uff08\u5373\u65f6\u901a\u8baf\u5e94\u7528\uff09\u6216\u75af\u72c2\u7684\u5c0f\u9e1f\u4e2d\u6587\u7248\u8fd9\u6837\u7684\u6d41\u884c\u5e94\u7528\u53d7\u5230\u611f\u67d3\uff0cApp Store\u5185\u7684\u591a\u6570\u4e2d\u6587\u5e94\u7528\u90fd\u6709\u53ef\u80fd\u690d\u5165\u4e86\u6076\u610f\u4ee3\u7801\u3002 \u5f53\u7136\uff0c\u76ee\u524d\u6240\u6709\u53d7\u611f\u67d3\u5e94\u7528\u5df2\u5168\u90e8\u4eceApp Store\u4e0b\u67b6\uff0c\u800c\u4e14\u901a\u8fc7C&amp;C\u57df\u540d\uff08\u540c\u6837\u88ab\u963b\u6b62\uff09\u4e5f\u5f88\u5bb9\u6613\u627e\u5230\u690d\u5165\u7684\u6076\u610f\u4ee3\u7801\u3002\u4f46\u5982\u4f55\u7f3a\u4e4f\u5148\u9a8c\u77e5\u8bc6\u7684\u8bdd\uff0c\u6076\u610f\u4ee3\u7801\u690d\u5165\u4f9d\u7136\u96be\u4ee5\u53d1\u73b0\uff1a\u6084\u6084\u9690\u85cf\u5728\u82f9\u679c\u7684\u6807\u51c6\u7a0b\u5e8f\u5e93\u5185\uff0c99.9%\u7684\u5e94\u7528\u90fd\u8981\u7528\u5230\u3002 \n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Allegedly 40 apps on App Store are infected <a href=\"https:\/\/t.co\/UTSGwvWccj\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/UTSGwvWccj<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/apple?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#apple<\/a> <a href=\"http:\/\/t.co\/moLosQwB9V\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/moLosQwB9V<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/646689631333949440?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> \u8fd9\u91cc\u6709\u4e2a\u5947\u602a\u7684\u5730\u65b9\u3002\u4e13\u95e8\u5bf9\u65af\u8bfa\u767b\u63d0\u4f9b\u7684\u79d8\u5bc6\u6570\u636e\u8fdb\u884c\u89e3\u5bc6\u548c\u516c\u5e03\u7684\u8c03\u67e5\u65b0\u95fb\u7f51\u7ad9-The Intercept<a href=\"https:\/\/theintercept.com\/2015\/09\/22\/apples-app-store-infected-type-malware-cia-developed\/\" target=\"_blank\" rel=\"noopener nofollow\">\u62a5\u9053<\/a>\u4e86\u8fd9\u4e00\u65b9\u6cd5\uff0c\u800cXcodeGhost\u6b63\u662f\u91c7\u7528\u8fd9\u4e00\u65b9\u6cd5\u5077\u5077\u6f5c\u5165\u82f9\u679c\u8bbe\u5907\uff0c\u540c\u65f6\u4e5f\u548c\u653f\u5e9c\u79d8\u5bc6\u8ba1\u5212\u4e2d\u63cf\u8ff0\u7684\u65b9\u6cd5\u4e00\u81f4\u3002\u8be5\u7f51\u7ad9\u70ab\u8000\u81ea\u5df1\u65e9\u5728\u53bb\u5e74<a href=\"https:\/\/theintercept.com\/2015\/03\/10\/ispy-cia-campaign-steal-apples-secrets\/\" target=\"_blank\" rel=\"noopener nofollow\"><u>3<\/u><u>\u6708<\/u><\/a>\u5c31\u5c06\u8fd9\u4e00\u4fe1\u606f\u516c\u5e03\u4e92\u8054\u7f51\u3002 <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">More <a href=\"https:\/\/twitter.com\/hashtag\/XcodeGhost?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#XcodeGhost<\/a> news: Potentially thousands of iOS apps infected, modded versions date back to March: <a href=\"http:\/\/t.co\/XaHXORV07B\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/XaHXORV07B<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/646754119693303808?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> \u597d\u5427\uff0c\u6211\u4eec\u4e5f\u6765\u70ab\u8000\u70ab\u8000\u81ea\u5df1\uff1a\u6211\u4eec\u65e9\u5728\u65af\u8bfa\u767b\u4e8b\u4ef6\u53d1\u751f\u524d\u76842009\u5e74\u5c31\u6ce8\u610f\u5230\u4e86\u8fd9\u4e00\u95ee\u9898\uff0c\u56e0\u6b64\u662f\u5168\u7403\u6700\u5148\u53d1\u73b0\u7684\u516c\u53f8\u3002\u4f8b\u5982\uff0c\u6211\u4eec\u53d1\u73b0\u4e86\u540c\u65f6\u611f\u67d3Delphi\u7684IDE\uff08\u96c6\u6210\u5f00\u53d1\u73af\u5883\uff09\u4ee5\u53ca\u5c06\u6076\u610f\u4ee3\u7801\u690d\u5165\u6240\u6709\u5df2\u7f16\u8bd1\u5e94\u7528\u7684<u><a href=\"https:\/\/www.kaspersky.com\/news?id=207575885\" target=\"_blank\" rel=\"noopener nofollow\">\u6076\u610f\u8f6f\u4ef6<\/a><\/u>\u3002\u9ed1\u5ba2\u6240\u7528\u7684\u65b9\u6cd5\u4e5f\u663e\u800c\u6613\u89c1\u3002\u4f46\u53ea\u8981\u77e5\u9053\u95ee\u9898\u6240\u5728\uff0c\u5c31\u80fd\u5f88\u8f7b\u6613\u5730\u89e3\u51b3\u2013\u53ea\u9700\u5c06\u5f00\u53d1\u5de5\u5177\u4e0e\u4e3b\u7248\u672c\u7684\u5b8c\u6574\u6027\u8fdb\u884c\u5339\u914d\u3002 \u9664\u6b64\u4e4b\u5916\uff0c\u6211\u4eec\u5728\u8fd9\u91cc\u8fd8\u63d0\u4f9b\u4e00\u4e2a\u7b80\u5355\u5f97\u8ba9\u4eba\u5403\u60ca\u7684\u5efa\u8bae\uff1a\u5343\u4e07\u4e0d\u8981\u4ece\u53ef\u7591\u8d44\u6e90\u4e0b\u8f7d\u8f6f\u4ef6\u3002\u5c3d\u7ba1\u542c\u4e0a\u53bb\u6709\u4e9b\u5947\u602a\uff0c\u4f46\u5374\u662f\u7ecf\u9a8c\u4e30\u5bcc\u5f00\u53d1\u8005\u7684\u5fe0\u544a\u3002\u4ed6\u4eec\u771f\u7684\u4f1a\u72af\u8fd9\u79cd\u53ef\u7b11\u7684\u9519\u8bef\u5417\uff1f\u4e8b\u5b9e\u8bc1\u660e\uff0c\u4ed6\u4eec\u7edd\u5bf9\u4f1a\u3002 <strong>Bug<\/strong><strong>\u4e2d\u4ecb\u5546\u60ac\u8d4f<\/strong><strong>100<\/strong><strong>\u4e07\u7f8e\u5143\u5728<\/strong><strong>iOS 9<\/strong><strong>\u4e2d\u627e<\/strong><strong>bug<\/strong> <u><a href=\"https:\/\/threatpost.com\/zerodium-hosts-million-dollar-ios-9-bug-bounty\/114736\/\" target=\"_blank\" rel=\"noopener nofollow\">\u65b0\u95fb<\/a><\/u>\u3002 \u8fd9\u91cc\u6709\u4e2a\u5173\u4e8e\u5404\u79cdiOS\u8bbe\u5907\u8d8a\u72f1\u5386\u53f2\u8bb0\u5f55\u7684<u><a href=\"https:\/\/en.wikipedia.org\/wiki\/IOS_jailbreaking#History_of_iOS_jailbreaking_tools\" target=\"_blank\" rel=\"noopener nofollow\">\u8868\u683c<\/a><\/u>\u3002\u5b89\u5353\u6216\u53f0\u5f0f\u7535\u8111\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u53ef\u4ee5\u9ed8\u8ba4\u5f00\u542f\u5bf9\u7cfb\u7edf\u7684\u5168\u9762\u63a7\u5236\uff0c\u4e14\u6f0f\u6d1e\u5229\u7528\u4e5f\u76f8\u5f53\u5bb9\u6613\u3002\u800c\u4e0e\u5b83\u4eec\u4e0d\u540c\u7684\u662f\uff0c\u82f9\u679c\u7684\u667a\u80fd\u624b\u673a\u3001\u5e73\u677f\u7535\u8111\uff08\u73b0\u5728\u8fd8\u6709\u7535\u89c6\u673a\u9876\u76d2\u548c\u667a\u80fd\u624b\u8868\uff09\u5374\u5185\u5728\u5730\u9650\u5236\u7528\u6237\u7684\u6743\u9650\u3002 \u591a\u5e74\u4ee5\u6765\uff0c\u4e00\u65b9\u9762\u82f9\u679c\u8bd5\u56fe\u5bf9\u5176\u8bbe\u5907\u4e25\u52a0\u4fdd\u62a4\uff0c\u800c\u53e6\u4e00\u65b9\u9762\u70ed\u8877\u4e8e\u83b7\u53d6root\u6743\u9650\u7684\u7528\u6237\u5374\u662f\u8bd5\u56fe\u7ed5\u8fc7\u8fd9\u4e00\u4fdd\u62a4\u3002\u6700\u7ec8\uff0c\u5927\u591a\u6570\u82f9\u679c\u8bbe\u5907\u60e8\u906d\u8d8a\u72f1\uff08\u9664\u4e86\u82f9\u679cTV v3\u673a\u9876\u76d2\uff0c\u4ee5\u53caApple Watch\u6682\u65f6\u5e78\u514d\u4e8e\u96be\uff09\u2013\u53ea\u8981\u82f9\u679c\u4ea7\u54c1\u4e00\u4e0a\u67b6\uff0c\u901a\u5e38\u57286\u4e2a\u6708\u5185\u5c31\u80fd\u6210\u529f\u8d8a\u72f1\u3002 <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">.<a href=\"https:\/\/twitter.com\/Zerodium?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Zerodium<\/a> Hosts Million-Dollar iOS 9 Bug Bounty \u2013 <a href=\"http:\/\/t.co\/tQ9Evs3iTi\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/tQ9Evs3iTi<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/645966156923277313?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> \u6700\u65b0\u7684iOS 9\u540c\u6837\u4e0d\u5e78\u906d\u5230\u8d8a\u72f1\uff0c\u4f46\u4e8b\u5b9e\u5374\u4e0d\u5b8c\u5168\u5982\u6b64\u3002\u56e0\u4e3a\u5e76\u6ca1\u6709\u8d8a\u72f1\u5b8c\u6574\u3002\u5173\u6ce8\u8fd9\u4e00\u95ee\u9898\u7684\u8fd8\u6709Zerodium\u516c\u53f8\uff0c\u8be5\u516c\u53f8\u5df2\u60ac\u8d4f100\u4e07\u7f8e\u5143\u627e\u5230\u80fd\u6f0f\u6d1e\u5229\u7528iOS 9\u7684\u65b9\u6cd5\uff0c\u4f46\u524d\u63d0\u6761\u4ef6\u662f\uff1a \u2014\u6f0f\u6d1e\u5229\u7528\u65b9\u6cd5\u662f\u80fd\u8fdc\u7a0b\u64cd\u4f5c\u7684\uff08\u539f\u56e0\u662f\u5f53\u7528\u6237\u8bbf\u95ee\u4e13\u95e8\u7cbe\u5fc3\u5236\u4f5c\u7684\u865a\u5047\u7f51\u9875\u6216\u9605\u8bfb\u6076\u610f\u666e\u901a\u77ed\u4fe1\u6216\u591a\u5a92\u4f53\u77ed\u4fe1\u65f6\u80fd\u81ea\u52a8\u8fd0\u884c\uff09\uff1b \u2014\u6f0f\u6d1e\u5229\u7528\u65b9\u6cd5\u5141\u8bb8\u4fa7\u8f7d\u4efb\u610f\u5e94\u7528\uff08\u7c7b\u4f3c\u4e8eCydia\uff09\uff1b \u2014 \u6f0f\u6d1e\u5229\u7528\u65b9\u6cd5\u6301\u4e45\u7a33\u5b9a\uff0c\u5728\u91cd\u542f\u4f9d\u7136\u80fd\u7ee7\u7eed\u8fd0\u884c\uff1b \u2014 \u6f0f\u6d1e\u5229\u7528\u65b9\u6cd5\u2019\u53ef\u9760\u3001\u8c28\u614e\u4e14\u65e0\u9700\u7528\u6237\u7684\u4efb\u4f55\u64cd\u4f5c\u3002 <img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151145\/security-week-39-money.jpeg\" alt=\"\" width=\"900\" height=\"506\"> \u4e0a\u8ff0\u6240\u5217\u7684\u8fd9\u4e9b\u6761\u4ef6\u8868\u660eZerodium\u7684300\u4e07\uff08\u603b\u8d4f\u91d1\uff09\u60ac\u8d4f\u6d3b\u52a8\u7eaf\u5c5e\u5671\u5934\uff0c\u5bf9\u4e8e\u83b7\u53d6root\u6743\u9650\u7684\u72c2\u70ed\u5206\u5b50\u53ef\u80fd\u8981\u5931\u671b\u4e86\u3002Zerodium\u516c\u53f8\u521b\u59cb\u4ebaChaouki Bekrar\u6700\u521d\u521b\u7acb\u7684\u662fVUPEN\u3002\u540e\u8005\u4e13\u95e8\u5411\u653f\u5e9c\u673a\u6784\u51fa\u552e\u6f0f\u6d1e\u548c\u6f0f\u6d1e\u5229\u7528\u5de5\u5177\u3002\u65e0\u8bba\u4ece\u5408\u6cd5\u7a0b\u5ea6\u8fd8\u662f\u9053\u5fb7\u7acb\u573a\u800c\u8a00\uff0c\u8fd9\u90fd\u662f\u4fe1\u606f\u5b89\u5168\u9886\u57df\u7684\u7070\u8272\u5730\u5e26\uff1a\u597d\u4eba\u7528\u574f\u4eba\u5236\u4f5c\u7684\u5de5\u5177\u8d77\u8bc9\u574f\u4eba\u3002 \u7136\u800cVUPEN\uff08\u81f3\u5c11\u4ece\u5b98\u65b9\u6765\u770b\uff09\u5e76\u672a\u6270\u4e71bug\u4e2d\u4ecb\u5e02\u573a\uff0c\u800c\u6700\u521d\u521b\u7acbZerodium\u7684\u76ee\u7684\u6b63\u662f\u4e3a\u6b64\u3002\u8fd9\u610f\u5473\u7740\u6709\u4e9b\u4eba\u5c06\u4ece\u4e2d\u5927\u8d5a\u4e00\u7b14\uff0c\u800c\u53e6\u4e00\u4e9b\u4eba\u5c06\u4f7f\u7528\u8d2d\u4e70\u7684\u6f0f\u6d1e\u5229\u7528\u5de5\u5177\u653b\u7834\u8bbe\u5907\u4f46\u5374\u4e0d\u4f1a\u62ab\u9732\u4efb\u4f55\u6709\u5173\u6f0f\u6d1e\u7684\u7ec6\u8282\uff08\u5426\u5219\u652f\u4ed8\u5956\u91d1\u53c8\u6709\u4f55\u610f\u4e49\u5462\uff1f\uff09\u3002 \u4f46\u6211\u4eec\u5df2\u7ecf<u><a href=\"https:\/\/threatpost.com\/hackers-release-hacking-team-internal-documents-after-breach\/113612\/\" target=\"_blank\" rel=\"noopener nofollow\">\u77e5\u9053<\/a><\/u>\u5982\u679cbug\u4e2d\u4ecb\u5546\u81ea\u5df1\u906d\u5230\u9ed1\u5ba2\u5165\u4fb5\u540e\u7684\u7ed3\u679c\uff08\u662f\u5426\u8fd8\u8bb0\u5f97Hacking Team\u5b89\u5168\u516c\u53f8\uff0c\u5176\u5927\u91cf\u6709\u5173\u96f6\u65e5\u6f0f\u6d1e\u7684\u4fe1\u606f\u5728\u516c\u5171\u9886\u57df\u906d\u5230\u516c\u5f00\uff0c\u8be5\u516c\u53f8\u4e0e\u4e00\u4e9b\u4e2d\u4e1c\u56fd\u5bb6\u653f\u5e9c\u95f4\u7684\u80ae\u810f\u4ea4\u6613\u5f97\u4ee5\u63ed\u9732\uff0c\u5bf9\u4e8e\u53cc\u65b9\u800c\u8a00\u90fd\u662f\u60e8\u75db\u7684\u6559\u8bad\uff09\u3002 <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hackers Release Hacking Team Internal Documents After Breach \u2013 <a href=\"http:\/\/t.co\/NIsqv96Ctc\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/NIsqv96Ctc<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/618060749425012736?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 6, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> \u800c\u8fd9\u91cc\u7684\u9053\u5fb7\u95ee\u9898\u662f\uff0c\u8d8a\u72f1\u81ea\u5df1\u7684\u667a\u80fd\u624b\u673a\u5b8c\u5168\u6ca1\u6709\u4efb\u4f55\u95ee\u9898\uff08\u6216\u8005\u66f4\u51c6\u786e\u5730\u8bf4\uff0c\u57fa\u672c\u6ca1\u4ec0\u4e48\u95ee\u9898\uff09\uff0c\u56e0\u4e3a\u8fd9\u662f\u6bcf\u4e2a\u4eba\u7684\u81ea\u7531\u3002\u4f46\u5982\u679c\u5728\u672a\u7ecf\u4ed6\u4eba\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b\u8d8a\u72f1\u522b\u4eba\u7684\u8bbe\u5907\uff0c\u8fd9\u5c31\u6709\u95ee\u9898\u4e86\u3002\u800c\u4e00\u65e6\u53d1\u73b0\u8fd9\u6837\u7684\u6f0f\u6d1e\uff0c\u65e0\u8bba\u5982\u4f55\u90fd\u5e94\u544a\u77e5\u751f\u4ea7\u5546\u5e76\u7531\u5176\u6253\u4e0a\u5b89\u5168\u8865\u4e01\u3002\u4e0d\u7ba1\u600e\u4e48\u8bf4\uff0c\u5c31\u7b97\u6f0f\u6d1e\u5229\u7528\u662f\u4e3a\u4e86\u9020\u798f\u6574\u4e2a\u4eba\u7c7b\uff0c\u4f46\u4f9d\u7136\u8fd8\u662f\u4e0d\u90a3\u4e48\u5149\u5f69\u7684\u884c\u4e3a\u3002 <strong>\u5176\u5b83\u65b0\u95fb\uff1a<\/strong> Adobe\u4e3aFlash Player\u5185\u768423\u4e2a\u6f0f\u6d1e\u6253\u4e0a<u><a href=\"https:\/\/threatpost.com\/adobe-patches-23-critical-vulnerabilities-in-flash-player\/114740\/\" target=\"_blank\" rel=\"noopener nofollow\">\u5b89\u5168\u8865\u4e01<\/a><\/u>\u3002\u6574\u4e2a8\u6708\u4efd\u603b\u5171<a href=\"https:\/\/threatpost.com\/huge-flash-update-patches-more-than-30-vulnerabilities\/114216\/\" target=\"_blank\" rel=\"noopener nofollow\">\u4fee\u590d<\/a>\u4e86\u8d85\u8fc730\u4e2abug\u3002 <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Huge Flash Update Patches More Than 30 Vulnerabilities \u2013 <a href=\"http:\/\/t.co\/45seXMk5qT\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/45seXMk5qT<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/631160803790573568?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 11, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> OPM\uff08\u8054\u90a6\u4eba\u4e8b\u7ba1\u7406\u5c40\uff09\u62a5\u544a\u4e86\u4eca\u5e74\u53d1\u751f\u7684\u5927\u91cf\u9ed1\u5ba2\u653b\u51fb\u6d3b\u52a8\u5bfc\u81f4\u7684\u66f4\u52a0\u4e25\u91cd\u540e\u679c\uff1a\u5c5e\u4e8e\u8054\u90a6\u673a\u6784\u5de5\u4f5c\u4eba\u5458\u7684\u8d85\u8fc7560\u4e07\u4e2a\u6307\u7eb9<a href=\"https:\/\/threatpost.com\/5-6-million-fingerprints-stolen-in-opm-hack\/114784\/\" target=\"_blank\" rel=\"noopener nofollow\">\u88ab\u76d7<\/a>\u3002\u7f8e\u56fd\u56fd\u5185\u5206\u6790\u5bb6\u8868\u793a\u7531\u4e8e\u4eba\u7684\u624b\u6307\u90fd\u662f\u552f\u4e00\u4e14\u4e0d\u53ef\u66ff\u4ee3\u7684\uff0c\u56e0\u6b64\u88ab\u76d7\u6307\u7eb9\u5c06\u6c38\u4e45\u6709\u6548\uff0c\u56e0\u6b64\u4ee5\u540e\u5b89\u5168\u8ba4\u8bc1\u7ec4\u5408\u7684\u6570\u91cf\u4e5f\u5c06\u53d7\u5230\u9650\u5236\u3002\u5c3d\u7ba1\u76ee\u524d\u6307\u7eb9\u7684\u7528\u9014\u76f8\u5f53\u6709\u9650\uff0c\u4f46\u6ca1\u6709\u4eba\u80fd\u9884\u6d4b\u672a\u6765\u79d1\u6280\u5c06\u53d1\u5c55\u5230\u4f55\u79cd\u7684\u5730\u6b65\u3002 <strong>\u8001\u8bdd\u65b0\u63d0\uff1a<\/strong> <a href=\"https:\/\/twitter.com\/jpluscplusm\/status\/646811379312279552\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/twitter.com\/jpluscplusm\/status\/646811379312279552<\/a> \u201cPrintScreen\u201d \u8fd9\u662f\u4e00\u79cd\u76f8\u5f53\u5371\u9669\u7684\u75c5\u6bd2\uff0c\u5360\u7528512\u4e2a\u5b57\u8282\u7684\u7a7a\u95f4\uff08\u4e00\u4e2a\u6247\u533a\uff09\u3002\u5728\u8bfb\u53d6\u65f6\uff0c\u5b83\u4f1a\u611f\u67d3\u8f6f\u76d8\u548c\u786c\u76d8\u9a71\u52a8\u5668\u7684\u5f15\u5bfc\u6247\u533a\uff08int 13h\uff09\u3002\u8001\u5f0f\u5f15\u5bfc\u6247\u533a\u4f1a\u5199\u5728\u8f6f\u76d8\u9a71\u52a8\u5668\u76841\/0\/3\u5730\u5740\uff08\u78c1\u9762\/\u78c1\u9053\/\u6247\u533a\uff09\uff0c\u800c\u786c\u76d8\u9a71\u52a8\u5668\u5bf9\u5e94\u7684\u5730\u5740\u5219\u662f3\/1\/13\u3002\u8be5\u75c5\u6bd2\u4f1a\u635f\u574f\u4efb\u610f\u4e00\u4e2aFAT\u6247\u533a\u6216\u4fdd\u5b58\u5728\u5185\u7684\u6570\u636e\uff08\u5177\u4f53\u53d6\u51b3\u4e8e\u78c1\u76d8\u5bb9\u91cf\uff09\u3002\u5728\u611f\u67d3\u786c\u76d8\u9a71\u52a8\u5668\u65f6\uff0c\u9690\u542b\u6709\u5f15\u5bfc\u6247\u533a\u4fdd\u5b58\u57280\/1\/1\u5730\u5740\u7684\u4fe1\u606f\uff08\u8fd9\u8868\u660e\u7f16\u5199\u8fd9\u4e00\u75c5\u6bd2\u7684\u7a0b\u5e8f\u5458\u6c34\u5e73\u8f83\u4f4e\uff09\u3002 <img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06152300\/infosec-digest-32-book1-234x300.jpg\" alt=\"\" width=\"98\" height=\"126\"> \u6b64\u5916\u5b83\u8fd8\u52ab\u6301int 13h\u3002\u4ece\u75c5\u6bd2\u611f\u67d3\u9a71\u52a8\u5668\u65f6\u75c5\u6bd2\u6e05\u5355\u7f16\u5236\u76841\/256\u6982\u7387\u6bd4\u5224\u65ad\uff08\u53d6\u51b3\u4e8e\u5176\u5185\u90e8\u8ba1\u7b97\u5668\u7684\u6570\u503c\uff09\uff0c\u8be5\u75c5\u6bd2\u5e94\u8c03\u7528int 5\uff08Print Screen\uff09\uff0c\u4f46\u7531\u4e8e\u4e00\u4e2a\u9519\u8bef\u5bfc\u81f4\u8ba1\u7b97\u5668\u7684\u65b0\u6570\u503c\u5e76\u672a\u4fdd\u5b58\u3002 <em>\u5f15\u8ff0\u81ea\u4e8e<\/em><em>1992<\/em><em>\u5e74\u51fa\u7248\u7684\u300a<\/em><em>MS-DOS<\/em><em>\u4e2d\u7684\u8ba1\u7b97\u673a\u75c5\u6bd2\u300b\u7b2c<\/em><em>102<\/em><em>\u9875\uff0c\u4f5c\u8005\uff1a\u5c24\u91d1\u00b7\u5361\u5df4\u65af\u57fa<\/em> <em>\u514d\u8d23\u58f0\u660e\uff1a\u672c\u6587\u4ec5\u4ee3\u8868\u4f5c\u8005\u7684\u4e2a\u4eba\u610f\u89c1\u3002\u53ef\u80fd\u4e0e\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u7684\u7acb\u573a\u76f8\u7b26\uff0c\u4e5f\u53ef\u80fd\u76f8\u53cd\u3002\u542c\u5929\u7531\u547d\u5427\u3002<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5728\u5f00\u59cb\u672c\u5468\u65b0\u4e00\u671f\u7684\u300a\u5b89\u5168\u5468\u62a5\u300b\u4e4b\u524d\uff0c\u6211\u60f3\u5148\u8bf4\u51e0\u6761\u4e0e\u4fe1\u606f\u5b89\u5168\u65e0\u5173\u7684\u65b0\u95fb\u3002\u5927\u4f17\u67f4\u6cb9\u8f66\u88ab\u53d1\u73b0\u6c61\u67d3\u7269\u6392\u653e\u8fdc\u8d85\u6d4b\u8bd5\u4e2d\u663e\u793a\u7684\u6570\u503c\u3002<\/p>\n","protected":false},"author":53,"featured_media":3479,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1450,1308],"tags":[903,65,871,804,860,857,196,806,44,902,454,214],"class_list":{"0":"post-3478","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-privacy","9":"tag-d-link","10":"tag-ios","11":"tag-871","12":"tag-804","13":"tag-860","14":"tag-857","15":"tag-196","16":"tag-806","17":"tag-44","18":"tag-902","19":"tag-454","20":"tag-214"},"hreflang":[{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/security-week-39-xcodeghost-the-leak-of-d-link-certificates-1m-for-bugs-in-ios9\/3478\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/security-week-39-xcodeghost-the-leak-of-d-link-certificates-1m-for-bugs-in-ios9\/5238\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.cn\/blog\/tag\/d-link\/","name":"D-Link"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/3478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/comments?post=3478"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/3478\/revisions"}],"predecessor-version":[{"id":11093,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/3478\/revisions\/11093"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media\/3479"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media?parent=3478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/categories?post=3478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/tags?post=3478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}