Shulou(Shulou.com)05/31 Report--

This article is to share with you about ZipperDown loophole analysis and repair suggestions, the editor feels very practical, so share with you to learn, I hope you can learn something after reading this article, say no more, follow the editor to have a look.

So how to prevent the damage caused by ZipperDown vulnerabilities? Combined with the information disclosed at present and his own analysis, NetEase Yunyi Dun security experts give the following analysis and suggestions:

Loophole principle

The ZipperDown vulnerability is not a problem with the iOS platform itself, but is related to the decompression of Zip files. The iOS platform does not provide the official unzipAPI function, but refers to a third-party library to achieve the decompression function. Because the existing iOS App basically uses SSZipArchive or Ziparchive to decompress, the vulnerability is caused by the failure to check the file name in the Zip when decompressing the Zip file using the third-party Zip library. If the file name contains ".. /", you can jump to the next level of the directory, so as to achieve the jump of any directory within the application, and further achieve file coverage. If you replace the hotpatch file coverage of App, you can achieve the execution of instructions specified by the hacker, thus realizing any attack within the application in accordance with the intention of the hacker.

This vulnerability can not help but remind Yi Dun of the unZip extracted file vulnerability on the Android platform not long ago, which is almost exactly the same, except that the platform is different from the third-party decompression library. The vulnerability of unZip decompressed files on the Android platform has been scanned and detected by the NetEYun easy Shield security testing platform.

Repair suggestion

In the process of using a third-party decompression library to decompress Zip files, it is necessary to filter the internal file names of Zip. In addition, files that store critical data, such as Hotpatch remember to encrypt, verify legitimacy and integrity, and use HTTPS secure transport protocol to communicate, etc., you can also purchase Yi Dun's communication protocol to encrypt SDK to achieve maximum prevention.

To fix this vulnerability, you can refer to the unZip extracted file vulnerability fix solution of Android platform. The following is the fix scheme of Android platform:

Attack conditions:

A third-party decompression library is used.

The Zip package is not checked for integrity during decompression.

APP uses JSPatch or other execution engines, and the local script is not encrypted. It can be executed as long as the script is placed in the specified directory. The local script is not validated.

Connect unreliable WIFI hotspots to communicate.

The above is what the ZipperDown vulnerability analysis and repair advice is, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.