Expert who found vulnerabilities in Apple cameras received $75

A security researcher who found more than half a dozen zero-day vulnerabilities in the Safari browser received $75 from Apple's Bug Bounty program. Some of these bugs could allow attackers to access the webcams of Mac computers, as well as the video camera on iPhone and iPad mobile devices.


Ryan Pickren described the vulnerabilities in detail in several posts on his website. In total, he found seven vulnerabilities (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784 and CVE-2020), three of which were directly related to the possibility of hacking the camera on macOS and iOS devices.

The browser security flaws allowed a hacker to trick Safari into thinking that a malicious site was a trusted one. Any JavaScript code with the ability to create a pop-up window (such as a standalone website, a banner ad, or a browser extension) could carry out this attack. The hacker uses its identity data to compromise the user's privacy, thanks in part to Apple allowing users to save security settings on a per-website basis. As a result, a malicious website could pose as a trusted video-conferencing portal such as Skype or Zoom and then access the user's camera.

Pickren reported his findings to Apple, which led to a Safari update in January (version 13.0.5) that fixed three security vulnerabilities. Later, in March, Apple released another update (version 13.1) that closed the remaining security holes.

For those who want the specifics, the "bughunter" described the hacking process in detail on his blog, which lays out the technical details. As for Apple's Bug Bounty program, payouts for discovered bugs range from $5000 (minimum) to $1 million.



Source: 3dnews.ru
