2018开年IT界就被漏洞狂轰滥炸

拼搏现实的明天。 2022-06-02 08:25 38阅读 0赞

可能大家已经听说的Intel、AMD、Apple的A系列、ARM等处理器的meltdown and spectre漏洞，这里有一个持续更新的[受影响CPU][CPU].

WD的网络存储设备NAS在1月8日也被曝出漏洞，具体技术细节在[这里][Link 1]，在写词博客的时候还没有解决办法。受影响的型号

*  MyCloud
 *  MyCloudMirror
 *  My Cloud Gen 2
 *  My Cloud PR2100
 *  My Cloud PR4100
 *  My Cloud EX2 Ultra
 *  My Cloud EX2
 *  My Cloud EX4
 *  My Cloud EX2100
 *  My Cloud EX4100
 *  My Cloud DL2100
 *  My Cloud DL4100

另外一个“黑客”，他可以通过对网页诸如而获得诸如你的信用卡信息、用户名和密码等等私人信息，他是通过 黑NPM来实现的，具体 [在这里][Link 2]。别说我只用微信和支付宝付款，这是一个思路，指不定被谁利用来干别的。

对于苹果系统的影响，Apple的所有更新都在这里： [https://support.apple.com/en-ca/HT201222][https_support.apple.com_en-ca_HT201222]

[https://support.apple.com/en-us/HT208397][https_support.apple.com_en-us_HT208397] About the security content of macOS High Sierra 10.13.2 Supplemental Update - Apple Support  
[https://support.apple.com/en-us/HT208401][https_support.apple.com_en-us_HT208401] About the security content of iOS 11.2.2 - Apple Support  
[https://support.apple.com/en-us/HT208403][https_support.apple.com_en-us_HT208403] About the security content of Safari 11.0.2 - Apple Support

Google Chrome的安全考虑，参考这个： [Increase security with site isolation - Google Chrome Help][]

[CPU]: https://www.techarp.com/guides/complete-list-cpus-meltdown-spectre/
[Link 1]: http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
[Link 2]: https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
[https_support.apple.com_en-ca_HT201222]: https://support.apple.com/en-ca/HT201222
[https_support.apple.com_en-us_HT208397]: https://support.apple.com/en-us/HT208397
[https_support.apple.com_en-us_HT208401]: https://support.apple.com/en-us/HT208401
[https_support.apple.com_en-us_HT208403]: https://support.apple.com/en-us/HT208403
[Increase security with site isolation - Google Chrome Help]: https://support.google.com/chrome/answer/7623121?hl=en