
 

Entry: XARA
Definition

  1. Initial Disclosure

  2. Response by Vendors

  3. Attack Vectors

  4. Known systems with problems

  5. See also

  6. References


XARA is an acronym for "Unauthorized Cross-App Resource Access", which describes a category of zero-day vulnerabilities in computer software systems.

Initial Disclosure

An academic research paper entitled "Unauthorized Cross-App Resource Access on MAC OS X and iOS"[1] was published on 26 May 2015 by a team of researchers from Indiana University, Tsinghua University, Peking University, Chinese Academy of Sciences, and Georgia Institute of Technology. The paper was widely released to the public on 16 June 2015[2] and commented on by both mainstream and technical media outlets.[3][4][5][6][7]

The paper identifies a number of separate categories of zero-day threats to applications and stored passwords which can potentially be exploited by malware on iOS devices and OS X. The paper also discloses the existence of similar vulnerabilities on Android devices.

Response by Vendors

  1. On 19 June 2015, Apple Computer told the press[8] that it had implemented countermeasures to exclude malware containing the XARA exploit from its iOS App Store.

Attack Vectors

In XARA, each attack vector violates the principles of a computer security sandbox.

  1. Untrusted partners using shared resources such as the file system and the keychain.
  2. Inter-process communication without verification of the partner.
  3. Weak security policies of the system installer allow other applications to be designated as shared resource bundles.

Known systems with problems

  1. iOS from Apple Computer
  2. OS X from Apple Computer
  3. Android from Google

See also

  • Targeted attacks
  • Access Control
  • Software-defined protection
  • Sandbox (computer security)
  • Vector (malware)

References

1. ^ Xing, Luyi; Bai, Xiaolong; Li, Tongxin; Wang, XiaoFeng; Chen, Kai; Liao, Xiaojing; Hu, Shi-Min; Han, Xinhui (26 May 2015). "Unauthorized Cross-App Resource Access on MAC OS X and iOS". arXiv:1505.06836 [cs.CR].
2. ^ "Unauthorized Cross-App Resource Access on MAC OS X and iOS". 16 June 2015. https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view?usp=sharing. Retrieved 18 June 2015.
3. ^ "Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X". TheRegister. https://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/. Retrieved 20 June 2015.
4. ^ "OS X and iOS Unauthorized Cross Application Resource Access (XARA)". InfoSec Handlers Diary Blog. Sans Technology Institute. https://isc.sans.edu/diary/OS+X+and+iOS+Unauthorized+Cross+Application+Resource+Access+%28XARA%29/19815.
5. ^ "iOS and OS X Security Flaws Enable Malicious Apps to Steal Passwords and Other Data". MacRumors. http://www.macrumors.com/2015/06/17/ios-osx-cross-app-keychain-security-flaw/. Retrieved 20 June 2015.
6. ^ "Zero-Day Exploits for Stealing OS X and iOS Passwords". The Hacker News. http://thehackernews.com/2015/06/iphone-password-hacking.html. Retrieved 20 June 2015.
7. ^ "Zero-day exploit lets App Store malware steal OS X and iOS passwords". MacWorld. http://www.macworld.com/article/2937239/zero-day-exploit-lets-app-store-malware-steal-os-x-and-ios-passwords.html. Retrieved 20 June 2015.
8. ^ "Apple comments on XARA exploits, and what you need to know". iMore. imore.com. http://www.imore.com/xara-exploits-mac-iphone-and-ipad-and-what-you-need-know.

Categories: Computer network security | Types of malware
