{"id":4836,"date":"2023-05-21T15:41:32","date_gmt":"2023-05-21T13:41:32","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4836"},"modified":"2023-05-21T15:41:32","modified_gmt":"2023-05-21T13:41:32","slug":"apple-ispravlja-3-ranjivosti-nultog-dana","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/05\/21\/apple-ispravlja-3-ranjivosti-nultog-dana\/","title":{"rendered":"Apple fixes 3 zero-day vulnerabilities"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>Apple<\/em> is fixing 3 <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/zero-day\/\" target=\"_blank\" rel=\"nofollow noopener\">zero-day<\/a> vulnerabilities in updates released for <em>iOS, iPadOS, macOS, tvOS and watchOS<\/em>. The updates fix several vulnerabilities, but the most important one addresses <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-32409\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-32409<\/em><\/a>, a <em>WebKit<\/em> vulnerability that may already be actively exploited.<\/span><\/p>\n<div id=\"attachment_4841\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4841\" class=\"size-full wp-image-4841\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Apple-fixes-WebKit.jpg\" alt=\"Apple fixes WebKit\" width=\"1024\" height=\"654\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Apple-fixes-WebKit.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Apple-fixes-WebKit-300x192.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Apple-fixes-WebKit-768x491.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Apple-fixes-WebKit-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4841\" class=\"wp-caption-text\">Apple fixes 3 zero-day vulnerabilities; Design: Sa\u0161a 
\u0110uri\u0107<\/p><\/div>\n<h2><span style=\"font-size: 14pt;\"><strong>Vulnerabilities<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The critical vulnerabilities are tracked as <em>CVE-2023-32409<\/em>, <em>CVE-2023-28204<\/em> and <em>CVE-2023-32373<\/em>. The first vulnerability enables an escape from the isolated environment (<em>sandbox<\/em>), which can allow remote attackers to break out of the web content sandbox.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The other two vulnerabilities can be exploited by tricking users into loading maliciously crafted web pages, which can give attackers access to private data, after which they can run arbitrary code on the compromised devices.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Simply put, chaining these vulnerabilities lets an attacker exploit the first vulnerability to gain the ability to exploit the second, and then exploit the second to gain the ability to run arbitrary code in order to exploit the third. 
Once the attacker exploits the third vulnerability, they take control not only of the current web page but also of the web browser, which can allow them to advance further toward taking over the user's device.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"font-size: 14pt;\"><strong>Affected devices<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">According to the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/apple-fixes-three-new-zero-days-exploited-to-hack-iphones-macs\/\" target=\"_blank\" rel=\"noopener\">available list<\/a> of affected devices, users should pay attention to the following:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>iPhone 6s<\/em> (all models), <em>iPhone 7<\/em> (all models), <em>iPhone SE<\/em> (1st generation), <em>iPad Air 2, iPad mini<\/em> (4th generation), <em>iPod touch<\/em> (7th generation) and <em>iPhone 8 and later<\/em>.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>iPad Pro<\/em> (all models), <em>iPad Air<\/em> (3rd generation and later), <em>iPad<\/em> (5th generation and later) and <em>iPad<\/em> <em>mini<\/em> (5th generation and later).<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Mac<\/em> devices running the <em>macOS<\/em> <em>Big<\/em> <em>Sur<\/em>, <em>Monterey<\/em> and <em>Ventura<\/em> operating systems.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Apple<\/em> <em>Watch<\/em> (Series 4 and later).<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Apple<\/em> <em>TV<\/em> <em>4K<\/em> (all models) and <em>Apple<\/em> <em>TV<\/em> <em>HD.<\/em><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><\/p>\n<h4><span style=\"font-size: 14pt;\"><strong>How to protect yourself?<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">The most important thing is for users to apply the updates. 
In addition to these vulnerabilities, the updates fix issues such as bypassing privacy settings, access to private data from the lock screen, retrieval of location information without permission, spying on network traffic from other applications, and the like. Users should go to <em>Settings &gt; General &gt; Software Update<\/em> and install the update. Afterwards they should see the following versions:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>watchOS<\/em>: version <em>9.5<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>tvOS<\/em>: version <em>16.5<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>iOS<\/em> <em>15<\/em> and <em>iPadOS<\/em> <em>15<\/em>: version <em>15.7.6<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>iOS<\/em> <em>16<\/em> and <em>iPadOS<\/em> <em>16<\/em>: version <em>16.5<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>macOS<\/em> <em>Big<\/em> <em>Sur<\/em>: version <em>11.7.7<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>macOS<\/em> <em>Monterey<\/em>: version <em>12.6.6<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>macOS<\/em> <em>Ventura<\/em>: version <em>13.4<\/em><\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\"><strong><u>Note:<\/u><\/strong> Users running <em>macOS Big Sur<\/em> or <em>macOS Monterey<\/em> should know that the important updates that fix the <em>WebKit<\/em> vulnerabilities are not all contained in the operating system update; they must install a separate update named <em><a href=\"https:\/\/support.apple.com\/en-us\/HT213762\" target=\"_blank\" rel=\"noopener\">Safari 16.5<\/a><\/em>.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Apple is fixing 3 zero-day vulnerabilities in updates released for iOS, iPadOS, macOS, tvOS and watchOS. 
The updates fix several vulnerabilities, but the most important one addresses CVE-2023-32409, a WebKit vulnerability that&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4841,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[323,126,380,381],"class_list":["post-4836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-apple","tag-vulnerability","tag-web","tag-webkit"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4836"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4836\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4841"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}