{"id":2422,"date":"2020-04-29T16:10:19","date_gmt":"2020-04-29T16:10:19","guid":{"rendered":"https:\/\/www.affinite.fr\/index.php\/2020\/04\/29\/google-a-trouve-une-palanquee-de-failles-dans-les-systemes-dexploitation-dapple\/"},"modified":"2020-04-29T16:10:19","modified_gmt":"2020-04-29T16:10:19","slug":"google-a-trouve-une-palanquee-de-failles-dans-les-systemes-dexploitation-dapple","status":"publish","type":"post","link":"http:\/\/www.affinite.fr\/index.php\/2020\/04\/29\/google-a-trouve-une-palanquee-de-failles-dans-les-systemes-dexploitation-dapple\/","title":{"rendered":"Google a trouv\u00e9 une palanqu\u00e9e de failles dans les syst\u00e8mes d&rsquo;exploitation d\u2019Apple"},"content":{"rendered":"<p> [ad_1]<br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/img.bfmtv.com\/i\/0\/0\/3d2\/fa5a243abe2222f4ce3fce40784cc.jpg\" \/><\/p>\n<div itemprop=\"articleBody\">\n<p>Le chercheur en s\u00e9curit\u00e9 Samuel Gross de Google Project Zero vient d\u2019ausculter la librairie \u00ab\u00a0Image\u00a0I\/O\u00a0\u00bb,\u00a0sp\u00e9cialis\u00e9e dans la lecture et l\u2019\u00e9criture d\u2019images et qui se trouve dans tous les syst\u00e8mes d\u2019exploitation d\u2019Apple\u00a0: iOS, macOS, tvOS, watchOS. En utilisant la technique du fuzzing, qui consiste \u00e0 modifier de mani\u00e8re al\u00e9atoire les entr\u00e9es d\u2019un syst\u00e8me pour r\u00e9v\u00e9ler des bugs, les experts ont trouv\u00e9 six failles dans le code \u00e9crit par Apple et huit autres dans un composant tiers baptis\u00e9 OpenEXR.<\/p>\n<aside class=\"bg-color-0 padding-inside-all-s bloc border-s\">\n<h4 class=\"box-txt-normal\">\n<p><b>A d\u00e9couvrir aussi en vid\u00e9o<\/b>\n<\/p>\n<\/h4>\n<\/aside>\n<p>Cette moisson est d\u2019autant plus remarquable que les vuln\u00e9rabilit\u00e9s &#8211; qui ont toutes \u00e9t\u00e9 corrig\u00e9es depuis &#8211; avaient certainement un grand potentiel d\u2019attaque, notamment au travers des applications de r\u00e9seaux sociaux. <em>\u00ab\u00a0Il est probable qu\u2019avec suffisamment d\u2019efforts, certaines des vuln\u00e9rabilit\u00e9s trouv\u00e9es permettaient l\u2019ex\u00e9cution de code \u00e0 distance dans un sc\u00e9nario d\u2019attaque z\u00e9ro-clic [i.e. ne n\u00e9cessitant pas l\u2019action de l\u2019utilisateur, NDLR]. Malheureusement, il est \u00e9galement probable que d\u2019autres bogues restent ou seront d\u00e9couverts \u00e0 l\u2019avenir\u00a0\u00bb<\/em>, explique Samuel Gross dans une note de blog. Il faut esp\u00e9rer que les pirates ne seront pas les premiers \u00e0 les trouver. Des attaques z\u00e9ro-clic ont r\u00e9cemment \u00e9t\u00e9 <a href=\"https:\/\/www.01net.com\/actualites\/les-iphone-peuvent-etre-pirates-par-un-simple-mail-verole-1899271.html\" target=\"_blank\" rel=\"noopener noreferrer\">d\u00e9tect\u00e9es sur Mail<\/a>, le client de messagerie d\u2019iOS.<\/p>\n<p><strong>Source<\/strong>: <a href=\"https:\/\/googleprojectzero.blogspot.com\/2020\/04\/fuzzing-imageio.html\" target=\"_blank\" rel=\"noopener noreferrer\">Google Project Zero<\/a><\/p>\n<\/p><\/div>\n<p><script>\n         !function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function()\n         {n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}\n         ;if(!f._fbq)f._fbq=n;\n             n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;\n             t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,\n                 document,'script','https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n         fbq('init', '1065890633454496');\n         fbq('track', 'PageView');\n     <\/script><br \/>\n<br \/>[ad_2]<br \/>\n<br \/><a href=\"https:\/\/www.01net.com\/actualites\/google-a-trouve-une-palanquee-de-failles-dans-les-systemes-d-exploitation-d-apple-1904136.html\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad_1] Le chercheur en s\u00e9curit\u00e9 Samuel Gross de Google Project Zero vient d\u2019ausculter la librairie \u00ab\u00a0Image\u00a0I\/O\u00a0\u00bb,\u00a0sp\u00e9cialis\u00e9e dans la lecture et &hellip; <a href=\"http:\/\/www.affinite.fr\/index.php\/2020\/04\/29\/google-a-trouve-une-palanquee-de-failles-dans-les-systemes-dexploitation-dapple\/\" class=\"more-link\">Plus <span class=\"screen-reader-text\">Google a trouv\u00e9 une palanqu\u00e9e de failles dans les syst\u00e8mes d&rsquo;exploitation d\u2019Apple<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":2423,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-2422","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tous"],"_links":{"self":[{"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/posts\/2422"}],"collection":[{"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/comments?post=2422"}],"version-history":[{"count":0,"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/posts\/2422\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/media\/2423"}],"wp:attachment":[{"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/media?parent=2422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/categories?post=2422"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.affinite.fr\/index.php\/wp-json\/wp\/v2\/tags?post=2422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}