{"id":10519,"date":"2022-02-14T13:39:14","date_gmt":"2022-02-14T10:39:14","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10519"},"modified":"2022-05-05T14:25:09","modified_gmt":"2022-05-05T11:25:09","slug":"webkit-vulnerability-cve-2022-22620","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/webkit-vulnerability-cve-2022-22620\/10519\/","title":{"rendered":"WebKit&#8217;te tehlikeli bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunuyor, iOS&#8217;u g\u00fcncelleyin"},"content":{"rendered":"<p>Apple, iOS ve iPadOS i\u00e7in <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22620\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-22620<\/a> g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kapatan acil bir g\u00fcncelleme yay\u0131nlad\u0131. \u015eirketin g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan bilinmeyen akt\u00f6rler taraf\u0131ndan aktif olarak yararlan\u0131ld\u0131\u011f\u0131na inanmak i\u00e7in nedenleri bulunuyor, bu nedenle cihazlar\u0131n m\u00fcmk\u00fcn olan en k\u0131sa s\u00fcrede g\u00fcncellenmesini <a href=\"https:\/\/support.apple.com\/en-us\/HT213093\" target=\"_blank\" rel=\"noopener nofollow\">tavsiye ediyor<\/a>.<\/p>\n<h2>CVE-2022-22620 g\u00fcvenlik a\u00e7\u0131\u011f\u0131 neden tehlikeli<\/h2>\n<p>Her zamanki gibi Apple uzmanlar\u0131, inceleme tamamlanana ve kullan\u0131c\u0131lar\u0131n \u00e7o\u011fu yamalar\u0131 y\u00fckleyene kadar g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n ayr\u0131nt\u0131lar\u0131n\u0131 a\u00e7\u0131klam\u0131yor. \u015eu anda g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n yaln\u0131zca <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/use-after-free\/\" target=\"_blank\" rel=\"noopener\">Use-After-Free (UAF)<\/a> s\u0131n\u0131f\u0131na ait oldu\u011funu, dolay\u0131s\u0131yla uygulamalarda dinamik belle\u011fin yanl\u0131\u015f kullan\u0131m\u0131yla ilgili oldu\u011funu s\u00f6yl\u00fcyorlar. Bu a\u00e7\u0131ktan yararlan\u0131lmas\u0131, sald\u0131rgan\u0131n, i\u015flemin kurban\u0131n cihaz\u0131nda rastgele kod y\u00fcr\u00fct\u00fclmesine yol a\u00e7abilecek k\u00f6t\u00fc ama\u00e7l\u0131 web i\u00e7eri\u011fi olu\u015fturmas\u0131na olanak tan\u0131yor.<\/p>\n<p>Basit\u00e7e s\u00f6ylemek gerekirse en olas\u0131 sald\u0131r\u0131 senaryosu, k\u00f6t\u00fc ama\u00e7l\u0131 bir web sayfas\u0131n\u0131 ziyaret ettikten sonra bir iPhone veya iPad cihaz\u0131na k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n bula\u015fmas\u0131.<\/p>\n<h2>Hangi cihazlar ve uygulamalar CVE-2022-22620 a\u00e7\u0131\u011f\u0131na kar\u015f\u0131 savunmas\u0131z?<\/h2>\n<p>Hatan\u0131n a\u00e7\u0131klamas\u0131na bak\u0131l\u0131rsa g\u00fcvenlik a\u00e7\u0131\u011f\u0131, macOS, iOS ve Linux\u2019taki bir\u00e7ok uygulamada kullan\u0131lan WebKit motorunda bulundu. \u00d6zellikle, iOS ve iPadOS i\u00e7in t\u00fcm taray\u0131c\u0131lar bu a\u00e7\u0131k kaynak motorunu temel al\u0131r \u2014 yani yaln\u0131zca iPhone\u2019da kullan\u0131lan varsay\u0131lan taray\u0131c\u0131 Safari de\u011fil, ayn\u0131 zamanda Google Chrome, Mozilla Firefox ve di\u011fer taray\u0131c\u0131lar da buna dahil. Yani Safari kullanmasan\u0131z bile bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 sizi do\u011frudan etkiliyor.<\/p>\n<p>Apple, iPhone 6s ve daha yeni cihazlar i\u00e7in g\u00fcncelleme yay\u0131nlad\u0131; t\u00fcm iPad Pro t\u00fcm modelleri, 2. nesil iPad Air ve daha sonrakiler, 5. nesil ve sonras\u0131ndaki iPad\u2019ler, 4. nesil ve sonras\u0131ndaki iPad miniler ve 7. nesil ve sonras\u0131ndaki iPod touch medya oynat\u0131c\u0131lar.<\/p>\n<h2>Kendinizi koruman\u0131n yollar\u0131<\/h2>\n<p>Apple\u2019\u0131n 10 \u015eubat\u2019ta yay\u0131nlad\u0131\u011f\u0131 yamalar, bellek y\u00f6netim mekanizmalar\u0131n\u0131 de\u011fi\u015ftirerek CVE-2022-22620\u2019nin k\u00f6t\u00fcye kullan\u0131lmas\u0131n\u0131 engelliyor. Bu y\u00fczden cihaz\u0131n\u0131z\u0131 korumak i\u00e7in iOS 15.3.1 ve iPadOS 15.3.1 g\u00fcncellemelerini y\u00fcklemeniz yeterli olacakt\u0131r. Yamay\u0131 y\u00fcklemek i\u00e7in cihaz\u0131n\u0131z\u0131n bir Wi-Fi a\u011f\u0131na ba\u011fl\u0131 olmas\u0131 gereklidir.<\/p>\n<p>Cihaz\u0131n\u0131z hen\u00fcz g\u00fcncellemenin y\u00fcklemeye haz\u0131r oldu\u011funa dair bir bildirim g\u00f6stermiyorsa, sisteminizi biraz daha h\u0131zl\u0131 g\u00fcncelleme konusunda zorlayabilirsiniz: Sistem ayarlar\u0131na girin (Ayarlar \u2192 Genel \u2192 Yaz\u0131l\u0131m g\u00fcncellemesi) ve yaz\u0131l\u0131m g\u00fcncellemelerinin olup olmad\u0131\u011f\u0131n\u0131 kontrol edin.<\/p>\n<p>Do\u011frudan cihazlar\u0131n\u0131z\u0131 ve uygulamalar\u0131n\u0131z\u0131 ilgilendiren son siber tehditler hakk\u0131nda uyar\u0131lar almak i\u00e7in Windows, macOS, Android ve iOS i\u015fletim sistemleri i\u00e7in mevcut olan <a href=\"https:\/\/www.kaspersky.com.tr\/advert\/security-cloud?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___\" target=\"_blank\" rel=\"noopener\">Kaspersky Security Cloud<\/a>\u2018\u0131 kullanman\u0131z\u0131 \u00f6neriyoruz. Kulland\u0131\u011f\u0131n\u0131z yaz\u0131l\u0131mda yeni bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 veya ziyaret etti\u011finiz internet sitesinde bir veri s\u0131z\u0131nt\u0131s\u0131 tespit edildi\u011finde, kendinizi nas\u0131l koruyaca\u011f\u0131n\u0131z konusunda tavsiyeler i\u00e7eren bir bildirim al\u0131rs\u0131n\u0131z.<\/p>\n<p><strong><input type=\"hidden\" class=\"category_for_banner\" value=\"ksc\"><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WebKit&#8217;teki (CVE-2022-22620) tehlikeli g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n hackerlar taraf\u0131ndan aktif olarak kullan\u0131ld\u0131\u011f\u0131na inan\u0131l\u0131yor. iOS cihazlar\u0131n\u0131z\u0131 en k\u0131sa s\u00fcrede g\u00fcncelleyin!<\/p>\n","protected":false},"author":2706,"featured_media":10520,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[14,790,750,100,2533,26],"class_list":{"0":"post-10519","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-apple","9":"tag-guvenlik-aciklari","10":"tag-ios","11":"tag-ipad","12":"tag-ipados","13":"tag-iphone"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/webkit-vulnerability-cve-2022-22620\/10519\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/webkit-vulnerability-cve-2022-22620\/23891\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/webkit-vulnerability-cve-2022-22620\/19388\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/webkit-vulnerability-cve-2022-22620\/9737\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/webkit-vulnerability-cve-2022-22620\/26140\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/webkit-vulnerability-cve-2022-22620\/24101\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/webkit-vulnerability-cve-2022-22620\/23907\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/webkit-vulnerability-cve-2022-22620\/26913\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/webkit-vulnerability-cve-2022-22620\/26450\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/webkit-vulnerability-cve-2022-22620\/32366\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/webkit-vulnerability-cve-2022-22620\/43650\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/webkit-vulnerability-cve-2022-22620\/18550\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/webkit-vulnerability-cve-2022-22620\/18968\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/webkit-vulnerability-cve-2022-22620\/15799\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/webkit-vulnerability-cve-2022-22620\/28140\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/webkit-vulnerability-cve-2022-22620\/32416\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/webkit-vulnerability-cve-2022-22620\/28109\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/webkit-vulnerability-cve-2022-22620\/24822\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/webkit-vulnerability-cve-2022-22620\/30235\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/webkit-vulnerability-cve-2022-22620\/30024\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/ios\/","name":"iOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10519"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10519\/revisions"}],"predecessor-version":[{"id":10521,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10519\/revisions\/10521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10520"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}