{"id":52709,"date":"2017-10-03T14:53:00","date_gmt":"2017-10-03T06:53:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=52709"},"modified":"2017-10-13T14:22:26","modified_gmt":"2017-10-13T06:22:26","slug":"%e7%ac%ac%e4%b8%80%e5%80%8b%e9%8e%96%e5%ae%9adirty-cow%e6%bc%8f%e6%b4%9e%e7%9a%84android%e6%83%a1%e6%84%8f%e8%bb%9f%e9%ab%94%e4%bb%a5%e8%89%b2%e6%83%85%e6%87%89%e7%94%a8%e7%a8%8b%e5%bc%8f%e7%82%ba","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=52709","title":{"rendered":"\u7b2c\u4e00\u500b\u9396\u5b9a Dirty COW\u6f0f\u6d1e\u7684Android\u60e1\u610f\u8edf\u9ad4,\u4ee5\u8272\u60c5\u61c9\u7528\u7a0b\u5f0f\u70ba\u990c,\u5077\u5077\u8a02\u95b1\u4ed8\u8cbb\u670d\u52d9"},"content":{"rendered":"

\u8da8\u52e2\u79d1\u6280\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u4e86\u7b2c\u4e00\u500b\u653b\u64ca Dirty COW\u6f0f\u6d1e\u7684Android \u60e1\u610f\u8edf\u9ad4: AndroidOS_ZNIU,\u5df2\u6709\u8d85\u904e30\u842c\u6b3eAndroid\u7a0b\u5f0f\u593e\u5e36ZNIU\u3002\u76ee\u524d\u8d85\u904e40\u500b\u570b\u5bb6\u5075\u6e2c\u5230\u8a72\u60e1\u610f\u8edf\u9ad4\uff0c\u4e3b\u8981\u51fa\u73fe\u5728\u4e2d\u570b\u548c\u5370\u5ea6, \u4f46\u7f8e\u570b\u3001\u65e5\u672c\u3001\u52a0\u62ff\u5927\u3001\u5fb7\u570b\u548c\u5370\u5c3c\u4e5f\u6709\u53d7\u5bb3\u8005\u3002\u76f4\u5230\u672c\u6587\u64b0\u5beb\u6642\uff0c\u6709\u8d85\u904e5000\u540d Android \u4f7f\u7528\u8005\u88ab\u611f\u67d3\u3002\u5728\u60e1\u610f\u7db2\u7ad9\u4e0a\u6709\u8d85\u904e1200\u96bb\u507d\u88dd\u6210\u8272\u60c5\u548c\u904a\u6232\u7684\u61c9\u7528\u7a0b\u5f0f,\u593e\u5e36\u80fd\u5920\u653b\u64ca Dirty COW\u6f0f\u6d1erootkit\u7684ZNIU\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n

2016\u5e74\u9996\u6b21\u66dd\u5149<\/a>\u7684Dirty COW\u70ba\u85cf\u533f\u65bcLinux\u7684\u63d0\u6b0a\u6f0f\u6d1e\uff08CVE-2016-5195\uff09\uff0c\u53ef\u5141\u8a31\u99ed\u5ba2\u53d6\u5f97\u76ee\u6a19\u7cfb\u7d71\u4e0a\u7684root\u6b0a\u9650\u3002\u6f0f\u6d1e\u88ab\u767c\u73fe<\/a>\u5728Linux\u5e73\u53f0,\u5305\u542bRedhat\u548c\u4f7f\u7528\u4e86Linux\u6838\u5fc3\u7684Android\u3002\u91dd\u5c0dAndroid\u7684Dirty COW\u653b\u64ca\u4e00\u76f4\u5230\u8fd1\u65e5\u624d\u51fa\u73fe\uff0c\u731c\u6e2c\u653b\u64ca\u8005\u82b1\u4e86\u8a31\u591a\u6642\u9593\u4f86\u958b\u767c\u80fd\u5920\u5728\u4e3b\u8981\u8a2d\u5099\u4e0a\u7a69\u5b9a\u57f7\u884c\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc\u3002<\/p>\n

 <\/p>\n

\"Figure<\/p>\n

\u57161<\/em>\uff1a\u85cf\u6709ZNIU<\/em>\u7684\u8272\u60c5\u61c9\u7528\u7a0b\u5f0f<\/em><\/p>\n

 <\/p>\n

\u8da8\u52e2\u79d1\u6280<\/a>\u5728\u53bb\u5e74\u88fd\u4f5c\u904eDirty COW\u7684\u6982\u5ff5\u8b49\u660e\uff08POC\uff09\u7a0b\u5f0f\uff0c\u4e26\u4e14\u767c\u73fe\u6240\u6709\u7248\u672c\u7684Android\u4f5c\u696d\u7cfb\u7d71\u90fd\u6709\u6b64\u6f0f\u6d1e\uff0c\u4e0d\u904eZNIU\u5c0dDirty COW\u6f0f\u6d1e\u7684\u653b\u64ca\u53ea\u9650\u65bcARM\/x86 64\u4f4d\u5143\u67b6\u69cb\u7684Android\u8a2d\u5099\u3002\u53e6\u5916\uff0c\u6700\u8fd1\u7684\u9019\u6ce2\u653b\u64ca\u53ef\u4ee5\u7e5e\u904eSELinux\u4f86\u690d\u5165\u5f8c\u9580\u7a0b\u5f0f\uff0c\u800c PoC\u7a0b\u5f0f\u53ea\u80fd\u4fee\u6539\u7cfb\u7d71\u7684\u670d\u52d9\u7a0b\u5f0f\u78bc\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280<\/a>\u76e3\u8996\u4e866\u500b ZNIU rootkit\uff0c\u5176\u4e2d4\u500b\u662fDirty COW\u6f0f\u6d1e\u653b\u64ca\u78bc\u3002\u53e6\u5916\u5169\u500b\u662fKingoRoot\uff08\u4e00\u500brooting\u61c9\u7528\u7a0b\u5f0f\uff09\u53caIovyroot\u6f0f\u6d1e\u653b\u64ca\u78bc\uff08CVE-2015-1805\uff09\u3002ZNIU\u4f7f\u7528KingoRoot\u548cIovyroot\u662f\u56e0\u70ba\u5b83\u5011\u53ef\u4ee5\u7834\u89e3ARM 32\u4f4d\u5143CPU\u7684\u8a2d\u5099\uff0c\u800c\u9019\u662fDirty COW rootkit\u6240\u505a\u4e0d\u5230\u7684\u3002<\/p>\n

\u611f\u67d3\u6d41\u7a0b<\/em><\/strong><\/p>\n

ZNIU\u60e1\u610f\u8edf\u9ad4\u7d93\u5e38\u507d\u88dd\u6210\u8272\u60c5\u61c9\u7528\u7a0b\u5f0f\u57cb\u4f0f\u5728\u60e1\u610f\u7db2\u7ad9\u4e0a,\u8a98\u9a19\u4f7f\u7528\u8005\u9ede\u64ca\u5b89\u88dd\u3002\u4e00\u4f46\u57f7\u884c\uff0cZNIU\u6703\u8ddfC&C\u4f3a\u670d\u5668\u9032\u884c\u901a\u8a0a\u3002\u5982\u679c\u6709\u53ef\u66f4\u65b0\u7684\u7a0b\u5f0f\u78bc\uff0c\u5b83\u6703\u5f9eC&C\u4f3a\u670d\u5668\u53d6\u5f97\u4e26\u8f09\u5165\u7cfb\u7d71\u3002\u540c\u6642\u6703\u5229\u7528Dirty COW\u6f0f\u6d1e\u4f86\u63d0\u5347\u672c\u5730\u7aef\u6b0a\u9650\uff0c\u89e3\u9664\u7cfb\u7d71\u9650\u5236\u548c\u690d\u5165\u5f8c\u9580,\u70ba\u672a\u4f86\u9060\u7aef\u63a7\u5236\u653b\u64ca\u92ea\u8def\u3002<\/p>\n

\"Figure<\/p>\n

\u57162\uff1aZNIU\u611f\u67d3\u93c8<\/em><\/p>\n

 <\/p>\n

\u9032\u5165\u8a2d\u5099\u4e3b\u756b\u9762\u5f8c\uff0c\u60e1\u610f\u8edf\u9ad4\u6703\u53d6\u5f97\u7528\u6236\u96fb\u4fe1\u696d\u8005\u7684\u8cc7\u8a0a,\u507d\u88dd\u6210\u8a2d\u5099\u6240\u6709\u4eba,\u5229\u7528\u57fa\u65bc\u7c21\u8a0a\u7684\u652f\u4ed8\u670d\u52d9\u8207\u96fb\u4fe1\u696d\u8005\u9032\u884c\u4ea4\u6613\u3002\u900f\u904e\u53d7\u5bb3\u8005\u7684\u884c\u52d5\u8a2d\u5099\uff0cZNIU\u80cc\u5f8c\u7684\u64cd\u4f5c\u8005\u53ef\u4ee5\u5229\u7528\u96fb\u4fe1\u696d\u8005\u7684\u4ed8\u8cbb\u670d\u52d9\u7372\u5229,\u6709\u500b\u6848\u4f8b\u662f\u5c07\u6b3e\u9805\u8f49\u81f3\u67d0\u500b\u4f4d\u65bc\u4e2d\u570b\u7684\u865b\u8a2d\u516c\u53f8\u3002\u7576\u4ea4\u6613\u7d50\u675f\u5f8c\uff0c\u60e1\u610f\u8edf\u9ad4\u6703\u522a\u9664\u8a2d\u5099\u4e0a\u7684\u4ea4\u6613\u8a0a\u606f\uff0c\u4e0d\u7559\u4e0b\u96fb\u4fe1\u696d\u8005\u548c\u60e1\u610f\u8edf\u9ad4\u64cd\u4f5c\u8005\u9593\u7684\u4ea4\u6613\u7d00\u9304\u3002\u5982\u679c\u662f\u4e2d\u570b\u4ee5\u5916\u7684\u96fb\u4fe1\u696d\u8005\uff0c\u5c31\u4e0d\u6703\u9032\u884c\u4ea4\u6613\uff0c\u4f46\u662f\u60e1\u610f\u8edf\u9ad4\u9084\u662f\u53ef\u4ee5\u653b\u64ca\u7cfb\u7d71\u6f0f\u6d1e\u4f86\u690d\u5165\u5f8c\u9580\u3002<\/p>\n

\"Figure<\/p>\n

\u57163<\/em>\uff1a\u5f9e\u60e1\u610f\u8edf\u9ad4\u9001\u7d66\u96fb\u4fe1\u696d\u8005\u7684\u4ea4\u6613\u8acb\u6c42<\/em><\/p>\n

 <\/p>\n

\u6bcf\u6708\u4eba\u6c11\u5e6320\u5143\u5c0f\u984d\u4ea4\u6613,\u907f\u514d\u9a5a\u52d5\u53d7\u5bb3\u8005<\/strong><\/em><\/p>\n

\u6839\u64da\u8da8\u52e2\u79d1\u6280<\/a>\u7684\u5206\u6790\uff0c\u60e1\u610f\u8edf\u9ad4\u4f3c\u4e4e\u53ea\u91dd\u5c0d\u4f7f\u7528\u4e2d\u570b\u96fb\u4fe1\u5546\u7684\u7528\u6236\u3002\u800c\u4e14\u50c5\u7ba1\u60e1\u610f\u8edf\u9ad4\u64cd\u4f5c\u8005\u53ef\u4ee5\u8a2d\u5b9a\u66f4\u9ad8\u91d1\u984d\u4f86\u5f9e\u6f0f\u6d1e\u653b\u64ca\u7372\u5f97\u66f4\u591a\u91d1\u9322\uff0c\u4f46\u9084\u662f\u523b\u610f\u7684\u5c07\u6bcf\u7b46\u4ea4\u6613\u6545\u610f\u8a2d\u70ba\u5c0f\u984d\uff08\u6bcf\u500b\u670820\u5143\u4eba\u6c11\u5e63\u62163\u7f8e\u5143\uff09\u4f86\u907f\u514d\u88ab\u767c\u73fe\u3002<\/p>\n

\"Figure<\/p>\n

\u57164<\/em>\uff1aSMS<\/em>\u4ea4\u6613\u622a\u5716<\/em><\/p>\n

<\/p>\n

\u56e0\u70ba\u5982\u679c\u5176\u4ed6\u61c9\u7528\u7a0b\u5f0f\u8981\u53d6\u7528\u8a2d\u5099\u7c21\u8a0a\u529f\u80fd\u6642\uff0cAndroid\u4f5c\u696d\u7cfb\u7d71\u6703\u5f37\u5236\u9032\u884c\u4f7f\u7528\u8005\u4e92\u52d5\u4f86\u53d6\u5f97\u6b0a\u9650\uff0cZNIU\u9700\u8981\u6700\u9ad8\u6b0a\u9650\u624d\u80fd\u5b8c\u6210\u653b\u64ca\u3002\u60e1\u610f\u8edf\u9ad4\u9084\u9700\u8981\u690d\u5165\u5f8c\u9580\u548c\u9060\u7aef\u8f09\u5165\u5176\u4ed6\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u4f86\u7e7c\u7e8c\u5f9e\u53d7\u5bb3\u8005\u8eab\u4e0a\u7372\u5229\u3002<\/p>\n

 <\/p>\n

\u4ed4\u7d30\u6aa2\u8996ZNIU Rootkit<\/em><\/strong><\/p>\n

 <\/p>\n

ZNIU rootkit\u53ef\u4ee5\u900f\u904e\u7368\u7acb\u5ee3\u64ad\u63a5\u6536\u5668\uff08BroadcastReciver\uff09\u4f86\u6574\u5408\u9032\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n

\"Figure<\/p>\n

\u57165<\/em>\uff1aZNIU<\/em>\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n

 <\/p>\n

\u60e1\u610f\u8edf\u9ad4\u53ef\u4ee5\u8f15\u6613\u5730\u5c07rootkit\u6ce8\u5165\u7b2c\u4e09\u65b9\u61c9\u7528\u7a0b\u5f0f\u800c\u4e0d\u6539\u8b8a\u5176\u4ed6\u5143\u4ef6\u3002\u9019\u7a2e\u505a\u6cd5\u88ab\u8a8d\u70ba\u6709\u52a9\u65bc\u5927\u898f\u6a21\u7684\u6563\u64ad\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n

\u60e1\u610f\u8edf\u9ad4\u64cd\u4f5c\u8005\u6703\u52a0\u5bc6\u4e26\u5c01\u88ddZNIU\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u4f86\u52a0\u4ee5\u4fdd\u8b77\uff0c\u597d\u4e0d\u88ab\u975c\u614b\u9006\u5411\u5de5\u7a0b\u7834\u89e3\u3002\u7d93\u904e\u9032\u4e00\u6b65\u5730\u7814\u7a76\uff0c\u8da8\u52e2\u79d1\u6280<\/a>\u767c\u73fe\u4e00\u65e6\u4f7f\u7528\u8005\u5c07\u8a2d\u5099\u9023\u4e0a\u7db2\u8def\u6216\u63d2\u5165\u96fb\u6e90\uff0c\u5c31\u6703\u900f\u904e\u5ee3\u64ad\u63a5\u6536\u5668\uff08broadcastreceiver\uff09\u4f86\u555f\u52d5\u6f0f\u6d1e\u653b\u64ca\u3002\u7136\u5f8c\u60e1\u610f\u8edf\u9ad4\u5c31\u6703\u76f4\u63a5\u50b3\u9001\u4e26\u57f7\u884c\u60e1\u610f\u539f\u751f\u7a0b\u5f0f\u78bc\u3002<\/p>\n

\"Figure<\/p>\n

\u57166\uff1aZNIU\u672c\u6a5f\u7a0b\u5f0f\u78bc<\/p>\n

 <\/p>\n

ZNIU\u539f\u751f\u7a0b\u5f0f\u78bc\u7684\u4e3b\u8981\u5de5\u4f5c\u5982\u4e0b\uff1a<\/p>\n

    \n
  1. \u6536\u96c6\u8a2d\u5099\u7684\u578b\u865f\u8cc7\u8a0a\u3002<\/li>\n
  2. \u5f9e\u9060\u7aef\u4f3a\u670d\u5668\u53d6\u56de\u5408\u9069\u7684rootkit\u3002<\/li>\n
  3. \u89e3\u5bc6\u6f0f\u6d1e\u653b\u64ca\u78bc\u3002<\/li>\n
  4. \u9010\u4e00\u89f8\u767c\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u6aa2\u67e5\u7d50\u679c\u4e26\u522a\u9664\u6f0f\u6d1e\u653b\u64ca\u78bc\u6a94\u6848\u3002<\/li>\n
  5. \u56de\u5831\u6f0f\u6d1e\u653b\u64ca\u6210\u529f\u6216\u5931\u6557\u3002<\/li>\n<\/ol>\n

    \"Figure<\/p>\n

    \u57167<\/em>\uff1aZNIU<\/em>\u7db2\u8def\u6d3b\u52d5<\/em><\/p>\n

     <\/p>\n

    \u9060\u7aef\u6f0f\u6d1e\u653b\u64ca\u4f3a\u670d\u5668\u7db2\u5740\u53ca\u5ba2\u6236\u7aef\u548c\u4f3a\u670d\u5668\u9593\u7684\u901a\u8a0a\u4e5f\u90fd\u6709\u52a0\u5bc6\u3002\u4f46\u89e3\u5bc6\u5f8c\u5c31\u53ef\u4ee5\u9032\u4e00\u6b65\u5730\u767c\u73fe\u60e1\u610f\u6f0f\u6d1e\u653b\u64ca\u4f3a\u670d\u5668\u7684\u8a73\u7d30\u8cc7\u6599\uff0c\u63ed\u9732\u51fa\u5176\u7db2\u57df\u548c\u4f3a\u670d\u5668\u662f\u4f4d\u5728\u4e2d\u570b\u3002\u60e1\u610f\u6f0f\u6d1e\u653b\u64ca\u4f3a\u670d\u5668\u7684\u9023\u7d50\u53ef\u4ee5\u5728\u9644\u9304\u4e2d\u627e\u5230\u3002<\/p>\n

    \"Figure<\/p>\n

    \u57168<\/em>\uff1a\u5f8c\u7aef\u7684\u6f0f\u6d1e\u653b\u64ca\u7ba1\u7406\u4f3a\u670d\u5668<\/em><\/p>\n

     <\/p>\n

    \u4e0b\u8f09\u5b8c\u6210\u5f8c\uff0crootkit\u7684\u201cexp*.ziu\u201d\u6703\u7528ZLIB\u4f86\u89e3\u58d3\u5230\u201cexp*.inf\u201d\u3002<\/p>\n

    \"Figure<\/p>\n

    \u57169<\/em>\uff1aZLIB<\/em>\u89e3\u58d3\u7e2e\u4e00\u500bziu<\/em>\u6a94\u6848<\/em><\/p>\n

     <\/p>\n

    rootkit\u9700\u8981\u7684\u6240\u6709\u6a94\u6848\u88ab\u88dd\u5165\u4e00\u500b.inf\u6a94\u6848\uff0c\u4e26\u4f7f\u7528\u7531\u201culnz\u201d\u958b\u982d\u7684\u6a94\u540d\uff0c\u88e1\u9762\u5305\u542b\u6578\u500bELF\u6216\u8173\u672c\u6a94\u6848\u3002<\/p>\n

    \"Figure<\/a><\/p>\n

    Figure 10: Structure of the inf file<\/em><\/p>\n

    The ZNIU rootkit can arbitrarily write to vDSO (virtual dynamically linked shared object), which exports a set of kernel space functions to the user space so that applications perform better. The vDSO code runs in a kernel context, which does not have a SELinux limit.<\/p>\n

    ZNIU uses public exploit code to write shellcodes to vDSO and create a reverse shell. Then it patches the SELinux policy to disarm restrictions and plant a backdoor root shell.<\/p>\n

    \"Figure<\/p>\n

    \u571610<\/em>\uff1ainf<\/em>\u6a94\u6848\u7684\u7d50\u69cb<\/em><\/p>\n

     <\/p>\n

    ZNIU rootkit\u53ef\u4ee5\u96a8\u610f\u5beb\u5165vDSO\uff08\u865b\u64ec\u52d5\u614b\u5171\u4eab\u7269\u4ef6\uff09\uff0c\u5b83\u6703\u532f\u51fa\u4e00\u7d44\u6838\u5fc3\u7a7a\u9593\u51fd\u5f0f\u5230\u4f7f\u7528\u8005\u7a7a\u9593\uff0c\u597d\u8b93\u61c9\u7528\u7a0b\u5f0f\u8868\u73fe\u66f4\u597d\u3002vDSO\u7a0b\u5f0f\u78bc\u5728\u6838\u5fc3\u57f7\u884c\u74b0\u5883\u904b\u884c\u800c\u4e0d\u53d7SELinux\u7684\u9650\u5236\u3002<\/p>\n

     <\/p>\n

    ZNIU\u63a1\u7528\u516c\u958b\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc\u4f86\u5c07shellcodes\u5beb\u5165vDSO\u4e26\u5efa\u7acb\u53cd\u5411\u6bbc\u5c64\uff08reverse shell\uff09\u3002\u7136\u5f8c\u5b83\u6703\u4fee\u88dcSELinux\u653f\u7b56\u4f86\u89e3\u9664\u9650\u5236\u548c\u690d\u5165\u5f8c\u9580\u3002<\/p>\n

    \"Figure<\/a><\/p>\n

    \u571611\uff1aDirty COW\u4fee\u88dcvDSO\u7a0b\u5f0f\u78bc<\/p>\n

     <\/p>\n

    \u89e3\u6c7a\u65b9\u6848<\/em><\/strong><\/p>\n

    \u4f7f\u7528\u8005\u61c9\u8a72\u53ea\u5b89\u88dd\u4f86\u81eaGoogle Play\u6216\u53d7\u4fe1\u4efb\u7b2c\u4e09\u65b9\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u7684\u8edf\u9ad4\uff0c\u4e26\u4e14\u4f7f\u7528\u884c\u52d5\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\uff08\u5982\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77<\/a>\uff09\u4f86\u5c01\u9396\u6703\u653b\u64caDirty COW\u7684\u5a01\u8105\u5f9e\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u88ab\u5b89\u88dd\u3002\u4f7f\u7528\u8005\u9084\u53ef\u4ee5\u806f\u7e6b\u8a2d\u5099\u5ee0\u5546\u6216\u96fb\u4fe1\u696d\u8005\u4f86\u53d6\u5f97\u6b64\u6f0f\u6d1e\u7684\u4fee\u88dc\u7a0b\u5f0f\u3002<\/p>\n

    \u8da8\u52e2\u79d1\u6280\u7684\u884c\u52d5\u61c9\u7528\u7a0b\u5f0f\u4fe1\u8b7d\u8a55\u6bd4\u670d\u52d9<\/a>\uff08MARS\uff09\u4f7f\u7528\u696d\u754c\u9818\u5148\u7684\u6c99\u7bb1\u548c\u6a5f\u5668\u5b78\u7fd2\u6280\u8853\u4f86\u6db5\u84cbAndroid\u548ciOS\u5a01\u8105\u3002\u53ef\u4ee5\u4fdd\u8b77\u4f7f\u7528\u8005\u5c0d\u6297\u60e1\u610f\u8edf\u9ad4\u3001\u96f6\u6642\u5dee\u548c\u5df2\u77e5\u6f0f\u6d1e\u653b\u64ca\u3001\u96b1\u79c1\u5916\u6d29\u548c\u61c9\u7528\u7a0b\u5f0f\u6f0f\u6d1e\u3002<\/p>\n

    \u4f01\u696d\u7528\u6236\u4e5f\u61c9\u8a72\u8003\u616e\u5b89\u88dd\u89e3\u6c7a\u65b9\u6848\uff0c\u5982\u8da8\u52e2\u79d1\u6280\u7684\u884c\u52d5\u5b89\u5168\u9632\u8b77\u4f01\u696d\u7248<\/a>\u5177\u5099\u4e86\u8a2d\u5099\u7ba1\u7406\u3001\u8cc7\u6599\u4fdd\u8b77\u3001\u61c9\u7528\u7a0b\u5f0f\u7ba1\u7406\u3001\u5408\u898f\u7ba1\u7406\u3001\u914d\u7f6e\u8a2d\u7f6e\u7b49\u529f\u80fd\uff0c\u8b93\u4f01\u696d\u53ef\u4ee5\u5728\u96b1\u79c1\u548c\u5b89\u5168\u8207BYOD\u8a08\u756b\u6240\u5e36\u4f86\u7684\u9748\u6d3b\u6027\u548c\u52a0\u500d\u751f\u7522\u529b\u9593\u53d6\u5f97\u5e73\u8861\u3002<\/p>\n

    ZNIU\u76f8\u95dc\u96dc\u6e4a\u503c\uff08SHA256\uff09\u3001\u5957\u4ef6\u540d\u7a31\u548c\u61c9\u7528\u7a0b\u5f0f\u6a19\u7c64\u7684\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09\u5217\u8868\u53ef\u4ee5\u5728\u6b64\u9644\u9304<\/a>\u4e2d\u53d6\u5f97\u3002<\/p>\n

    \u8da8\u52e2\u79d1\u6280<\/a>\u9032\u4e00\u6b65\u89c0\u5bdf\u767c\u73fe\u6709\u8d85\u904e30\u842c\u7b46\u5e36\u6709ZNIU\u60e1\u610f\u8edf\u9ad4\u7684\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\uff0c\u5176\u4e2d\u8d85\u904e14\u842c\u6709\u7368\u7279\u7684\u6a19\u7c64\u3002\u6211\u5011\u9084\u767c\u73fe\u90e8\u5206\u6a23\u672c\u7684\u61c9\u7528\u7a0b\u5f0f\u6a19\u7c64\u5c07\u6df7\u6dc6\u7684\u7b26\u865f\u548c\u5b57\u5143\u63d2\u5165\u540d\u7a31\u4e2d\u3002\u9019\u7a2e\u505a\u6cd5\u662f\u70ba\u4e86\u907f\u514d\u88ab\u5075\u6e2c\u3002\u9019\u4e9b\u6a23\u672c\u7684\u9644\u9304\u53ef\u4ee5\u5728\u6b64<\/a>\u53d6\u5f97\u3002<\/p>\n

     <\/p>\n

    @\u539f\u6587\u51fa\u8655\uff1aZNIU: First Android Malware to Exploit Dirty COW Vulnerability<\/a><\/p>\n

    \u4f5c\u8005\uff1aJason Gu\u3001Veo Zhang\u548cSeven Shen\uff08\u884c\u52d5\u5a01\u8105\u53cd\u61c9\u5c0f\u7d44<\/a>\uff09<\/p>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    \u8da8\u52e2\u79d1\u6280\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u4e86\u7b2c\u4e00\u500b\u653b\u64ca Dirty COW\u6f0f\u6d1e\u7684Android \u60e1\u610f\u8edf\u9ad4: AndroidOS_ZN […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[17,2081,1588,15],"tags":[2274,3001,392,2292],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/52709"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52709"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/52709\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}