[Special Alert] This New iMessage 0-Click Vulnerability May Affect You
DingTalk on the Android platform is affected by this vulnerability
    /* Allocation: the per-group table size is a fixed constant selected by color_cache_bits. */
    #define FIXED_TABLE_SIZE (630 * 3 + 410)
    static const uint16_t kTableSize[12] = {
      FIXED_TABLE_SIZE + 654,
      FIXED_TABLE_SIZE + 656,
      FIXED_TABLE_SIZE + 658,
      FIXED_TABLE_SIZE + 662,
      FIXED_TABLE_SIZE + 670,
      FIXED_TABLE_SIZE + 686,
      FIXED_TABLE_SIZE + 718,
      FIXED_TABLE_SIZE + 782,
      FIXED_TABLE_SIZE + 912,
      FIXED_TABLE_SIZE + 1168,
      FIXED_TABLE_SIZE + 1680,
      FIXED_TABLE_SIZE + 2704
    };
    const int table_size = kTableSize[color_cache_bits];
    huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
                                                  sizeof(*huffman_tables));

    /* Table construction: writes into the buffer allocated above. */
    // Fill in 2nd level tables and add pointers to root table.
    for (len = root_bits + 1, step = 2; len <= MAX_ALLOWED_CODE_LENGTH;
         ++len, step <<= 1) {
      num_open <<= 1;
      num_nodes += num_open;
      num_open -= count[len];
      if (num_open < 0) {
        return 0;
      }
      if (root_table == NULL) continue;
      for (; count[len] > 0; --count[len]) {
        HuffmanCode code;
        if ((key & mask) != low) {
          table += table_size;
          table_bits = NextTableBitSize(count, len, root_bits);
          table_size = 1 << table_bits;
          total_size += table_size;
          low = key & mask;
          root_table[low].bits = (uint8_t)(table_bits + root_bits);
          root_table[low].value = (uint16_t)((table - root_table) - low);
        }
        code.bits = (uint8_t)(len - root_bits);
        code.value = (uint16_t)sorted[symbol++];
        ReplicateValue(&table[key >> root_bits], step, table_size, code);  // overflow here
        key = GetNextKey(key, len);
      }
    }
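The write marked "overflow here" lands in a buffer whose size was fixed in advance from kTableSize. As an added example (not libwebp's code and not its actual fix), the following dry-run pass computes how many table entries a given set of code lengths would occupy, so a caller can reject the input before anything is written. The names `required_table_entries`, `fits_allocation`, `next_key` and `next_table_bits` are hypothetical, and the two helpers are this example's own stand-ins for the roles of GetNextKey and NextTableBitSize.

```c
#include <stdint.h>

#define MAX_LEN 15 /* plays the role of MAX_ALLOWED_CODE_LENGTH */

/* Next code in bit-reversed order (this example's stand-in for GetNextKey). */
static uint32_t next_key(uint32_t key, int len) {
  uint32_t step = 1u << (len - 1);
  while (key & step) step >>= 1;
  return step ? (key & (step - 1)) + step : key;
}

/* Index bits of the 2nd-level table opened at code length `len`. */
static int next_table_bits(const int *count, int len, int root_bits) {
  int left = 1 << (len - root_bits);
  while (len < MAX_LEN) {
    left -= count[len];
    if (left <= 0) break;
    ++len;
    left <<= 1;
  }
  return len - root_bits;
}

/* Dry run of the build: entries it would occupy, 0 if over-subscribed.
 * count_in[len] = number of symbols whose code length is len (1..MAX_LEN). */
int required_table_entries(const int *count_in, int root_bits) {
  int count[MAX_LEN + 1], len, num_open = 1, total = 1 << root_bits;
  uint32_t key = 0, mask = (uint32_t)total - 1, low = 0xffffffffu;
  for (len = 0; len <= MAX_LEN; ++len) count[len] = count_in[len];
  for (len = 1; len <= MAX_LEN; ++len) {
    num_open = (num_open << 1) - count[len];
    if (num_open < 0) return 0;
    for (; count[len] > 0; --count[len]) {
      if (len > root_bits && (key & mask) != low) { /* new 2nd-level table */
        total += 1 << next_table_bits(count, len, root_bits);
        low = key & mask;
      }
      key = next_key(key, len);
    }
  }
  return total;
}

/* Gate to call before any write: does the code fit what was allocated? */
int fits_allocation(const int *count, int root_bits, int allocated) {
  int need = required_table_entries(count, root_bits);
  return need > 0 && need <= allocated;
}
```

The histogram passed in must have MAX_LEN + 1 entries; the function works on a private copy, so the caller's counts are left intact for the real build.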
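In this case the vulnerability sits in a widely used base library. The number of software products actually affected is far larger than one would imagine, yet very few vendors are able to fix the vulnerability in time.
This is only a glimpse of the larger picture: compared with teams such as Chrome and Firefox, software development teams in China show clear shortcomings at many stages, including obtaining vulnerability information, assessing vulnerabilities, fixing vulnerabilities, and emergency response.
Only when security emergency response moves from passive to proactive can "security" become more real.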