{"id":6968,"date":"2015-04-03T01:04:32","date_gmt":"2015-04-02T16:04:32","guid":{"rendered":"http:\/\/begi.net\/news\/?p=6968"},"modified":"2015-03-31T11:04:55","modified_gmt":"2015-03-31T02:04:55","slug":"android%e3%80%8cpackageinstaller%e3%80%8d%e3%81%ae49-5%ef%bc%85%e3%81%ab%e3%83%91%e3%82%b9%e3%83%af%e3%83%bc%e3%83%89%e3%82%92%e7%9b%97%e3%81%be%e3%82%8c%e3%82%8b%e8%84%86%e5%bc%b1%e6%80%a7","status":"publish","type":"post","link":"https:\/\/begi.net\/news\/archives\/6968.html","title":{"rendered":"Android\u300cPackageInstaller\u300d\u306e49.5\uff05\u306b\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u76d7\u307e\u308c\u308b\u8106\u5f31\u6027"},"content":{"rendered":"<p><A HREF=\"http:\/\/www.paloaltonetworks.com\/\">Palo Alto Networks<\/A>\u306f3\u670826\u65e5\uff08\u73fe\u5730\u6642\u9593\uff09\u3001Android\u306e\u300cPackageInstaller\u300d\u306b\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u76d7\u307e\u308c\u308b\u8106\u5f31\u6027\u304c\u5b58\u5728\u3059\u308b\u3068\u767a\u8868\u3057\u305f\u3002<\/p>\n<p>\u3053\u306e\u8106\u5f31\u6027\u306f\u30012014\u5e741\u6708\u306b\u540c\u793e\u306b\u3088\u3063\u3066\u767a\u898b\u3055\u308c\u305f\u3082\u306e\u3067\u3001\u4ee5\u6765Google\u306a\u3069\u304c\u8106\u5f31\u6027\u306e\u4fee\u6b63\u306b\u53d6\u308a\u7d44\u3093\u3067\u3044\u308b\u304c\u3001\u73fe\u6642\u70b9\u3067\u3082Android\u306e49.5\uff05\u306b\u3053\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3059\u308b\u3068\u3044\u3046\u3002<\/p>\n<p>\u767a\u8868\u306b\u3088\u308b\u3068\u3001PackageInstaller\u306bTime-of-Check to Time-of-Use(TOCTTOU)\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u3001\u30e6\u30fc\u30b6\u304c\u7121\u5bb3\u3068\u8003\u3048\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u30a2\u30d7\u30ea\u3067\u3042\u3063\u3066\u3082\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30d7\u30ed\u30bb\u30b9\u304c\u4e57\u3063\u53d6\u3089\u308c\u3001\u60aa\u610f\u306e\u3042\u308b\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u611f\u67d3\u3057\u305f\u30a2\u30d7\u30ea\u306b\u7f6e\u304d\u63db\u308f\u3063\u3066\u3057\u307e\u3046\u3068\u3044\u3046\u3082\u306e\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u653b\u6483\u8005\u306f\u30e6\u30fc\u30b6\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3069\u306e\u60c5\u5831\u3092\u76d7\u3080\u3053\u3068\u304c\u53ef\u80fd\u306b\u306a\u3063\u3066\u3057\u307e\u3046\u3002\u306a\u304a\u3001\u3053\u306e\u8106\u5f31\u6027\u306f\u3001\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u88fd\u306e\u30a2\u30d7\u30ea\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u5834\u5408\u306b\u306e\u307f\u73fe\u308c\u308b\u3002<\/p>\n<p>\u3053\u306e\u8106\u5f31\u6027\u306f\u3001Android 4.4\u4ee5\u964d\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u308b\u3002\u307e\u305f\u3001\u3053\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3059\u308b\u304b\u5426\u304b\u306f\u3001<A HREF=\"https:\/\/play.google.com\/store\/apps\/details?id=com.paloaltonetworks.ctd.ihscanner\">Installer Hijacking Scanner<\/A>\u3068\u3044\u3046\u30a2\u30d7\u30ea\u3067\u5224\u5b9a\u3067\u304d\u308b\u3068\u3044\u3046\u3002<\/p>\n<p align=\"right\">(\u5ddd\u539f \u9f8d\u4eba\/\u3073\u304e\u306d\u3063\u3068)<\/p>\n<p><b>[\u95a2\u9023\u30ea\u30f3\u30af]<\/b><br \/>\n<A HREF=\"http:\/\/researchcenter.paloaltonetworks.com\/2015\/03\/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware\/\">\u30d7\u30ec\u30b9\u30ea\u30ea\u30fc\u30b9<\/A><br \/>\n<A HREF=\"https:\/\/play.google.com\/store\/apps\/details?id=com.paloaltonetworks.ctd.ihscanner\">Installer Hijacking Scanner<\/A><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks\u306f3\u670826\u65e5\uff08\u73fe\u5730\u6642\u9593\uff09\u3001Android\u306e\u300cPackageInstaller\u300d\u306b\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u76d7\u307e\u308c\u308b\u8106\u5f31\u6027\u304c\u5b58\u5728\u3059\u308b\u3068\u767a\u8868\u3057\u305f\u3002 \u3053\u306e\u8106\u5f31\u6027\u306f\u30012014\u5e741\u6708\u306b\u540c\u793e\u306b\u3088\u3063\u3066\u767a\u898b\u3055\u308c\u305f\u3082 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-6968","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/posts\/6968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/comments?post=6968"}],"version-history":[{"count":1,"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/posts\/6968\/revisions"}],"predecessor-version":[{"id":6969,"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/posts\/6968\/revisions\/6969"}],"wp:attachment":[{"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/media?parent=6968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/categories?post=6968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/begi.net\/news\/wp-json\/wp\/v2\/tags?post=6968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}