{"id":728,"date":"2023-11-24T08:11:53","date_gmt":"2023-11-24T08:11:53","guid":{"rendered":"https:\/\/tastycounter.net\/index.php\/2023\/11\/24\/7-vu-hack-vi-pham-va-lo-hong-bao-mat-cua-apple-ma-ban-chua-biet\/"},"modified":"2023-11-24T08:11:53","modified_gmt":"2023-11-24T08:11:53","slug":"7-vu-hack-vi-pham-va-lo-hong-bao-mat-cua-apple-ma-ban-chua-biet","status":"publish","type":"post","link":"https:\/\/tastycounter.net\/index.php\/2023\/11\/24\/7-vu-hack-vi-pham-va-lo-hong-bao-mat-cua-apple-ma-ban-chua-biet\/","title":{"rendered":"7 Apple hacks, breaches, and security vulnerabilities you didn't know about"},"content":{"rendered":"<div class=\"content-detail textview\">\n<p>Apple is no stranger to security incidents, whether they are hacks, breaches, or security vulnerabilities. You may not be aware of these various issues, and some of them could still put you at risk. So which Apple hacks, breaches, and vulnerabilities do you need to know about?<\/p>\n<h2>Apple hacks and breaches<\/h2>\n<p>Apple has seen a fairly large share of hacks over the years, some of them particularly serious. Let's start with a hack that took place more than a decade ago.<\/p>\n<h3>1. 
<a title=\"Details revealed about the biggest hack in Apple's history, affecting hundreds of millions of iPhone users\" href=\"https:\/\/quantrimang.com\/lang-cong-nghe\/tiet-lo-thong-tin-chi-tiet-ve-vu-hack-iphone-lon-nhat-181151\" data-type=\"internal\">XCodeGhost hack<\/a> (2015)<\/h3>\n<p>In 2015, 128 million iPhone users were affected by a malware-based hack. The attackers used a malicious version of XCode, Apple's development environment for all of its operating systems, including iOS. With this malware, known as XCodeGhost, the attackers managed to compromise around 50 apps from the Apple App Store. 
Anyone who had downloaded the affected apps was exposed to the hack, and an estimated 500 million users were at risk at the time.<\/p>\n<p>Although that enormous estimate turned out to be somewhat smaller in reality, documents produced during Apple's court battle with Epic Games revealed that 128 million individuals were still affected, including 18 million users in the United States (according to a report by the Security Department).<\/p>\n<p>What made this incident especially controversial is that, at the time, Apple decided not to notify the users who were at risk. It took another 6 years for the public to learn the true nature of the hack, which came to light during the aforementioned legal trial between Apple and Epic Games.<\/p>\n<h3>2. <a title=\"What is Pegasus spyware? 
Should you be worried about it?\" href=\"https:\/\/quantrimang.com\/cong-nghe\/phan-mem-gian-diep-pegasus-183509\" data-type=\"internal\">Pegasus spyware<\/a> (2016 onward)<\/h3>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"Orange Pegasus neon sign\" width=\"650\" height=\"385\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2023\/11\/24\/vi-pham-hack-lo-hong-bao-mat-apple-1.jpg\"><\/p>\n<p>The notorious Pegasus spyware first appeared in 2016 but rose to global prominence in 2021, when it was used to exploit iOS in highly targeted attacks. Pegasus was developed by Israel's NSO Group, a controversial organization that has repeatedly made security headlines in the past. In fact, NSO Group has sold its Pegasus spyware to many governments and states, including India and Mexico.<\/p>\n<p>In this Apple exploit, an iOS vulnerability was abused to run the Pegasus spyware on iPhones. 
An official Apple statement explained that features such as Lockdown Mode can be used to protect against such attacks, along with strong passwords and software updates. Threat notifications will be used to alert users who may have been targeted by state-sponsored hackers.<\/p>\n<h3>3. SolarWinds (2021)<\/h3>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"Person wearing gloves typing on a MacBook\" width=\"650\" height=\"381\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2023\/11\/24\/vi-pham-hack-lo-hong-bao-mat-apple-2.jpg\"><\/p>\n<p>The SolarWinds attack shook the technology and cybersecurity industries in 2021, and Apple could not escape the wave either.<\/p>\n<p>In the SolarWinds attack, the attackers exploited an iOS 14 zero-day vulnerability to break into iPhones. 
Through this vulnerability, the attackers used malicious domains to redirect iPhone users to phishing sites. This in turn allowed the attackers to steal users' login credentials, which could then be used to hack accounts or be sold to other criminals on illicit marketplaces.<\/p>\n<h3>4. Apple and Meta data leak (2021)<\/h3>\n<p>Apple's most recent security incident took place in mid-2021, when Apple and Meta employees were deceived by hackers impersonating law enforcement officials. In the attack, the hackers first broke into the accounts and networks of law enforcement agencies, then sent forged emergency data requests to employees of the two tech giants, demanding a rapid response. In response to these seemingly official requests, users' IP addresses, home addresses, and contact numbers were handed over.<\/p>\n<p>It is important to note that the Apple and Meta employees did not hand over information in response to a random request. 
Legitimate systems had been compromised by the attackers to send the requests, which made detection difficult.<\/p>\n<h2>Apple vulnerabilities<\/h2>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"Encrypted data with a padlock\" width=\"650\" height=\"433\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2023\/11\/24\/vi-pham-hack-lo-hong-bao-mat-apple-3.jpg\"><\/p>\n<p>Apple's various software products, including its operating systems, can fall victim to code vulnerabilities.<\/p>\n<h3>1. Kernel and WebKit vulnerabilities (2022)<\/h3>\n<p>In August 2022, Apple announced that it had found a kernel vulnerability (officially named CVE-2022-32894) that allowed arbitrary code execution with kernel privileges. Apple patched CVE-2022-32894 with macOS Monterey, so if you have installed that update manually or are running a macOS version newer than Monterey, there is no need to worry.<\/p>\n<p>Alongside this flaw, an Apple WebKit vulnerability was also discovered. It likewise carried a risk of arbitrary code execution through malicious web content. 
Like the flaw described above, the WebKit vulnerability for macOS Monterey has long since been patched.<\/p>\n<h3>2. Blastpass vulnerabilities (2023)<\/h3>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"Lines of code on a screen\" width=\"650\" height=\"369\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2023\/11\/24\/vi-pham-hack-lo-hong-bao-mat-apple-4.jpg\"><\/p>\n<p>In September 2023, two Apple zero-day vulnerabilities were found to have been exploited by attackers. The vulnerabilities, officially named CVE-2023-41064 and CVE-2023-41061, are in iOS software.<\/p>\n<p>CVE-2023-41064 is a buffer overflow vulnerability that allows arbitrary code execution and can affect all iPhones from the model 8 onward running iOS 16.6 or newer. Some iPad models can also be targeted through this vulnerability. 
CVE-2023-41061, discovered shortly after the first flaw, is a validation issue that can be abused through malicious attachments.<\/p>\n<p>According to a report by The Citizen Lab, when used together the two vulnerabilities form an exploit chain known as Blastpass, which is part of the delivery chain for NSO Group's Pegasus spyware. Blastpass can be used to hack iPhones and iPads without the victim even having to interact with any malicious web page or message. This is also known as a zero-click vulnerability.<\/p>\n<p>However, by using Apple's Lockdown Mode, the chain can be stopped in its tracks, preventing it from infecting your device. There is also a patch for the two exploited vulnerabilities.<\/p>\n<h3>3. Foundation vulnerabilities (2023)<\/h3>\n<p>In early 2023, 3 Apple zero-day vulnerabilities were discovered that put several Apple operating systems at risk, including iOS, iPadOS, and macOS. 
Two of the vulnerabilities were found in Apple's Foundation framework, which provides the base level of functionality and interoperation for Apple apps. The three vulnerabilities, known as CVE-2023-23530, CVE-2023-23531, and CVE-2023-23520, gave attackers the ability to execute malicious code remotely on infected devices.<\/p>\n<p>In February 2023, Apple patched these 3 security vulnerabilities, so you are no longer exposed to them if you update your Apple devices regularly.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Apple is no stranger to security incidents, whether they are hacks, breaches, or security vulnerabilities. You may not be aware of these various issues, and some of them could still put you at risk. 
So you need to know [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-728","post","type-post","status-publish","format-standard","hentry","category-khong-phan-loai"],"_links":{"self":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/comments?post=728"}],"version-history":[{"count":0,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/728\/revisions"}],"wp:attachment":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media?parent=728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/categories?post=728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/tags?post=728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}