{"id":5725,"date":"2023-12-02T18:31:37","date_gmt":"2023-12-02T17:31:37","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5725"},"modified":"2023-12-02T18:34:04","modified_gmt":"2023-12-02T17:34:04","slug":"upozorenje-o-2-apple-ranjivosti-nultog-dana","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/12\/02\/upozorenje-o-2-apple-ranjivosti-nultog-dana\/","title":{"rendered":"Warning about 2 Apple zero-day vulnerabilities"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Warning about 2 <em>Apple<\/em> <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/zero-day\/\" target=\"_blank\" rel=\"nofollow noopener\">zero-day vulnerabilities<\/a> that are being actively exploited to attack users of the <em>iOS<\/em>, <em>iPadOS<\/em> and <em>macOS<\/em> operating systems, as well as the <em>Safari<\/em> web browser.<\/span><\/p>\n<div id=\"attachment_5728\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5728\" class=\"size-full wp-image-5728\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana.jpg\" alt=\"Apple zero-day vulnerabilities\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Apple-ranjivosti-nultog-dana-320x320.jpg 320w\" sizes=\"auto, (max-width: 
1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5728\" class=\"wp-caption-text\"><em>Warning about 2 Apple zero-day vulnerabilities; Source: Bing Image Creator<\/em><\/p><\/div>\n<h2><span class=\"ez-toc-section\" id=\"RANJIVOSTI_NULTOG_DANA\"><\/span><span style=\"font-size: 14pt;\"><strong>ZERO-DAY<\/strong> <strong>VULNERABILITIES<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Apple<\/em> describes the first zero-day vulnerability, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-42916\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-42916<\/em><\/a>, as an out-of-bounds read issue that can allow <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actors<\/a> to disclose sensitive information by luring victims to specially crafted web content.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The second vulnerability, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-42917\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-42917<\/em><\/a>, is a <em>memory corruption<\/em> issue that allows attackers to execute arbitrary code on targeted devices after luring victims into visiting specially crafted web content.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Both zero-day vulnerabilities were found in the <em>WebKit<\/em> <em>browser engine<\/em> by security researcher <em>Cl\u00e9ment Lecigne<\/em> of the <em>Google Threat Analysis Group<\/em> (<em>TAG<\/em>). <em>Apple<\/em> acknowledges that these zero-day vulnerabilities may be under active exploitation, particularly affecting versions of <em>iOS<\/em> older than <em>16.7.1<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">It should also be noted that other web browsers available on <em>iOS<\/em> and <em>iPadOS<\/em>, including <em>Google<\/em> <em>Chrome<\/em>, <em>Mozilla<\/em> <em>Firefox<\/em>, <em>Microsoft<\/em> <em>Edge<\/em> and others, are powered by the <em>WebKit<\/em> rendering engine because of restrictions imposed by <em>Apple<\/em>, which makes it a very attractive <a href=\"https:\/\/sajberinfo.com\/en\/2023\/03\/24\/povrsina-napada-uvod-epizoda-1\/\" target=\"_blank\" rel=\"nofollow noopener\">attack surface<\/a> for many malicious actors.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"POGODENI_UREDAJI\"><\/span><span style=\"font-size: 14pt;\"><strong>AFFECTED<\/strong> <strong>DEVICES<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The list of affected devices is fairly long and includes:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>iPhone<\/em> <em>XS<\/em> and later<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>iPad Pro<\/em> <em>12.9<\/em>-inch 2nd generation and later, <em>iPad Pro 10.5<\/em>-inch, <em>iPad Pro 11<\/em>-inch 1st generation and later, <em>iPad Air<\/em> 3rd generation and later, <em>iPad<\/em> 6th generation and later, and <em>iPad<\/em> mini 5th generation and later<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Mac<\/em> devices running <em>macOS<\/em> <em>Monterey<\/em>, <em>Ventura<\/em> and <em>Sonoma<\/em>.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\"><em>Apple<\/em> says it has addressed the security flaws for devices running <em>iOS 17.1.2<\/em>, <em>iPadOS 17.1.2<\/em> and <em>macOS Sonoma<\/em> <em>14.1.2<\/em>, and in <em>Safari 17.1.2<\/em>, with improved input validation and locking. In addition, work is under way on <em>watchOS 10.2<\/em> and <em>tvOS 17.2<\/em>, which should be available within a week or two and will contain the fix for the vulnerabilities described here.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Apple<\/em> has not provided additional information about the exploitation of these vulnerabilities, but previously disclosed zero-day vulnerabilities in <em>iOS<\/em> were used to deliver commercial spyware targeting high-risk individuals such as activists, dissidents, journalists and politicians.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Counting these two vulnerabilities, <em>Apple<\/em> has fixed as many as 20 actively exploited zero-day vulnerabilities since the beginning of 2023.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Warning about 2 Apple zero-day vulnerabilities that are being actively exploited to attack users of the iOS, iPadOS and macOS operating systems, as well as the Safari web browser. ZERO-DAY VULNERABILITIES For the first zero-day vulnerability, Apple&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5728,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[323,186,336,144,595,126,381,236],"class_list":["post-5725","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-apple","tag-ios","tag-ipados","tag-macos","tag-safari","tag-vulnerability","tag-webkit","tag-zero-day"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5725"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5725\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5728"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}