{"id":2344,"date":"2016-08-17T07:30:54","date_gmt":"2016-08-17T11:30:54","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2344"},"modified":"2019-11-15T14:58:23","modified_gmt":"2019-11-15T11:58:23","slug":"flash-exploit-patent","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/flash-exploit-patent\/2344\/","title":{"rendered":"Protection from the harms of Flash"},"content":{"rendered":"<p>First, a brief word about exploits, the general subject of this post. Wikipedia defines the term as follows: an exploit (from the English verb to exploit, meaning to misuse) is a computer program or script that takes advantage of weaknesses or bugs in computer programs.<\/p>\n<p>In short, we call the act of harming your computer by abusing flaws in a program an exploit. For the rest of this post we will use the terms exploitable and vulnerable. <\/p>\n<p>Now tell us what you think of Adobe Flash, and we will tell you whether you work in cybersecurity. For many people, Flash is just something the browser wants to update before the video they are trying to watch. The technically savvy, on the other hand, know that update prompts appearing on untrusted platforms can lead to damage. 
<\/p>\n<p>In fact, Adobe Flash tops our <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/73038\/kaspersky-security-bulletin-2015-overall-statistics-for-2015\/\" target=\"_blank\" rel=\"noopener noreferrer\">list of the most exploitable (vulnerable) programs of 2015<\/a>. The other popular programs on that list are Java, Adobe Reader, Microsoft Office and Silverlight. Flash is the most popular program on the list because it has a large number of vulnerabilities and because users do not update it, even though it needs to be updated frequently. <\/p>\n<p>By the way, we are pleased to note that Kaspersky Lab holds a patent on our technology that blocks exploits of this kind and is especially effective at stopping those that target Flash vulnerabilities. <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"tr\" dir=\"ltr\">Our solution for Bad USBs, a major danger that many of you are not even aware of <a href=\"https:\/\/t.co\/Th0Lk8S3MT\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Th0Lk8S3MT<\/a> <a href=\"https:\/\/t.co\/VOhqs56eZn\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/VOhqs56eZn<\/a><\/p>\n<p>\u2014 Kaspersky T\u00fcrkiye (@KasperskyTR) <a href=\"https:\/\/twitter.com\/KasperskyTR\/status\/753919141543833600?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 15, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>Why are Flash exploits different? <\/strong><br>\nLet us answer right away. 
To keep the answer short, let us first take a look at the past. Basically, there are two ways to harm your computer. The first requires your direct involvement: downloading and running malicious software, clicking a malicious link, and so on. <\/p>\n<p>The second requires nothing from you. In this scenario, cybercriminals look for a vulnerable spot in your operating system or in any program you use. If your web browser has a vulnerability, visiting just one malicious website is enough. (Followers of our blog know how many malicious sites there can be.)<\/p>\n<p>Website exploits are the most popular method among cybercriminals because they are the easiest. 
In practice, whether the browser itself is vulnerable hardly matters; it is usually enough for attackers to reach the Java or Adobe Flash Player components, because those are the components responsible for playing videos on websites.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/exploit?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#exploit<\/a> kits spreading attacks for recent <a href=\"https:\/\/twitter.com\/hashtag\/Flash?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Flash<\/a> player zero day via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"https:\/\/t.co\/0s3GOKldGz\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/0s3GOKldGz<\/a> <a href=\"https:\/\/t.co\/H5029jCqd1\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/H5029jCqd1<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/734851478192553984?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 23, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Do not think of Flash videos as files opened by a program; think of them as programs in their own right. They are downloaded together with the rest of a website's content, but they are executed separately, with the help of the Adobe Flash components on your system. It may look simple, but the processing procedure is actually somewhat complicated. 
To run these programs safely, Adobe Flash executes them in its own virtual environment; in other words, they run on a virtual computer created inside your computer. <\/p>\n<p><strong>So the virtual machine makes Flash safe?<\/strong><br>\nGreat question! Flash runs files in a protected virtual environment because running code that comes from anywhere on the Internet can be harmful. Running all code in a virtual machine means that if code from the Internet tries to download something to your computer, it cannot reach your files, your documents or critical system components. Yes, in theory that is true. In practice, however, exploits can get past Flash's security layers, such as virtualization, by using vulnerabilities in Adobe Flash itself.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Wait for it\u2026 <a href=\"https:\/\/twitter.com\/hashtag\/Adobe?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Adobe<\/a> patches 52 <a href=\"https:\/\/twitter.com\/hashtag\/flash?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#flash<\/a> vulnerabilities  via <a href=\"https:\/\/twitter.com\/Mike_Mimoso?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Mike_Mimoso<\/a> <a href=\"https:\/\/t.co\/qyhs7rY2b8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/qyhs7rY2b8<\/a> on <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener 
nofollow\">@threatpost<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/IT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#IT<\/a> <a href=\"https:\/\/t.co\/Qu8D4MeLpp\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Qu8D4MeLpp<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/752928247864823809?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 12, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Another issue: the Flash virtual machine and the structure of these files hide their malicious intent from the system. Hackers can even prepare a unique file for each individual victim.<\/p>\n<p>This poses a particular problem for the threat detection of traditional antivirus programs, which generally relies on an enormous list of previously found samples. Millions of exploits work in the same way, yet to a security solution they look very different. What is more, Adobe Flash programs can be written in any programming language, which lets malicious content pass, in the eyes of the component responsible for detecting it, as one of Flash's legitimate files. <\/p>\n<p><strong>If you cannot trust file names and the virtualized environment is not safe either, what can you do? <\/strong><br>\nThis question puzzled security experts for a long time. 
We have to identify malicious code before it is executed. In theory, we could run the code in our own virtual machine before Adobe Flash executes it, but in practice that approach is too complex and unsuitable for everyday use. <\/p>\n<p><strong>If you suspect an exploit\u2026<\/strong><br>\nThis is where Kaspersky Lab's new technology comes in. Created by Anton Ivanov and Alexander Liskin, it is based on emulating the suspicious code. With this method we can analyze, in less time, code made up of many similar objects with minor differences. The developers took a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Stack_machine#Virtual_stack_machines\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">virtual stack machine<\/a> approach: rather than executing the code, they collected information about it. <\/p>\n<p>It turned out that malicious Flash objects do not need to be executed to reveal that they are malicious. Even if malware developers change almost every part of the code one by one, they cannot hide the program's malicious intent once our method is applied.<br>\nAs a result, because we know how they exploit Flash's vulnerabilities, we can automatically block all malware that uses the same method. 
Since we added this technology to our <a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Internet Security<\/a> and <a href=\"https:\/\/kas.pr\/kdktstr\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Total Security<\/a> products, our detection rate for these threats has doubled.<br>\nA small fact to put that in perspective: antivirus vendors put enormous effort into raising their detection rates by even a few percent, so doubling detection is truly astonishing. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>First, a brief word about exploits, the general subject of this post. Wikipedia defines the term as follows: an exploit (from the English verb to exploit, meaning to misuse) is a computer program or script that takes advantage of 
weaknesses<\/p>\n","protected":false},"author":40,"featured_media":2345,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[969,968,180,352,678,903,537,878],"class_list":{"0":"post-2344","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-aciklar","10":"tag-adobe-flash","11":"tag-kaspersky-internet-security","12":"tag-kaspersky-lab","13":"tag-kaspersky-total-security","14":"tag-patent","15":"tag-tehditler","16":"tag-teknoloji"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/flash-exploit-patent\/2344\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/flash-exploit-patent\/3869\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/flash-exploit-patent\/7483\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/flash-exploit-patent\/7509\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/flash-exploit-patent\/7480\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/flash-exploit-patent\/8892\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/flash-exploit-patent\/8726\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/flash-exploit-patent\/12654\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/flash-exploit-patent\/12731\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/flash-exploit-patent\/5956\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/flash-exploit-patent\/6459\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/flash-exploit-patent\/5231\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/flash-exploit-patent\/8396\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/flash-exploit-patent\/12211\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky
.kz\/flash-exploit-patent\/12654\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/flash-exploit-patent\/12731\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/flash-exploit-patent\/12731\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/aciklar\/","name":"a\u00e7\u0131klar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2344"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2344\/revisions"}],"predecessor-version":[{"id":7157,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2344\/revisions\/7157"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2345"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}