Cloud platforms reported, already has a white hat found WormHole vulnerability a variety of Android applications, hackers can use this exploit any vulnerability of Internet phone, execute malicious code can directly manipulate the phone in your hand.
First thing to mention is, WormHole vulnerability is what? Found the real identity of this vulnerability is the Ali Institute of engineers, of course, it's another identity is the white hat in this incident, he first discovered the WormHole vulnerabilities exist, Baidu's range of application.
No matter where you are the Android platform (including the Android m), he can attack through this vulnerability directly any networking Android mobile phone, regardless of whether the phones root, it can keep loopholes in mobile pop-up message pops up another application, upload data within the mobile, or open any of the links to a Web page embedded Trojan or a virus.
So what is your app?
According to incomplete statistics, Baidu, the network of information points to the variety of applications, these applications are: Baidu browser map, Baidu, Baidu post bar, Baidu, Baidu video translation, Baidu Mobile Assistant music, Baidu, Baidu, Baidu news, Baidu, Baidu picture input methods, and, of course, there are some third-party applications like pocket money or sprouting chat.
Media Advisory-related security experts: "WormHole loophole" is actually based on the advertisement of Baidu port authentication and access control deficiencies. This port is used for advertising pages, upgrade, download, extension app uses.
So I got in, what is the remedy?
Current cloud of these vulnerabilities has been Baidu official confirmation and repair, Baidu said upgrades to the latest software to solve this problem.
Security experts suggested that official should upgrade to the latest version of the software if the software isn't updated closing loopholes, the user should remove the vulnerable app. In fact, in reports of recent cloud vulnerability platform, clouds the WormHole also pointed to Huawei mobile phone vulnerabilities, and Baidu-related vulnerabilities are also submitted on or around October 20, although the number of app users that are billions of dollars, but so far hasn't caused too much influence.
The age of the Internet, the security problem has been mentioned repeatedly by the vendor, some time ago 163 NetEase mailbox user's password leaks, this security problem because a mailbox via the special status has brought a great deal of influence in your life, hackers can by e-mail to steal other platform account of the binding, such as locking your phone, reset your password for the other platforms.
We exist in the Internet space, Terminal and terminal connections on the same simple, these connections also broke the traditional security infrastructure that wall. 360, President of qihoo has compared the security issues in the mobile Internet age spear and shield, the simple principles of attack and defence.
So even special care frequency sent of vulnerability problem, still also is will has break-solution-again break-again solution of process, just because debris of and open these security problem was zoom of possibilities increases has, but which Defense principle actually with we when waiting for iOS cracked is as of truth, Defense itself and user has nothing to do, this seems to is one black and white guest Zhijian of game, and as user also can do some what does?
0 comments:
Post a Comment