{"id":4586,"date":"2018-01-05T15:46:49","date_gmt":"2018-01-05T12:46:49","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4586"},"modified":"2019-11-15T14:44:49","modified_gmt":"2019-11-15T11:44:49","slug":"two-severe-vulnerabilities-found-in-intels-hardware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/4586\/","title":{"rendered":"Intel donan\u0131mlar\u0131nda iki ciddi g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulundu"},"content":{"rendered":"<p>Intel mikro\u00e7iplerinde iki ciddi g\u00fcvenlik a\u00e7\u0131\u011f\u0131 <a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ke\u015ffedildi<\/a>. Bu a\u00e7\u0131klardan ikisi de sald\u0131rganlar\u0131n \u00e7ekirdek belle\u011fe ula\u015farak uygulamalardan hassas bilgileri ele ge\u00e7irmesine izin veriyor. \u0130lk g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan Meltdown, kullan\u0131c\u0131 uygulamalar\u0131 ve i\u015fletim sisteminin hassas par\u00e7alar\u0131 aras\u0131ndaki bariyeri etkili bir \u015fekilde kald\u0131rabilir. Yine AMD ve ARM \u00e7iplerinde bulunan ikinci g\u00fcvenlik a\u00e7\u0131\u011f\u0131 Spectre ise savunmas\u0131z uygulamalar\u0131 bellek i\u00e7eriklerini s\u0131zd\u0131rmak i\u00e7in kand\u0131rabilir.<\/p>\n<p>Cihazda kurulu uygulamalar genellikle \u201ckullan\u0131c\u0131 modunda\u201d, i\u015fletim sisteminin daha hassas par\u00e7alar\u0131ndan uzakta \u00e7al\u0131\u015ft\u0131r\u0131l\u0131r. Bir uygulama hassas bir alana \u00f6rne\u011fin; temel al\u0131nan diske, a\u011fa veya i\u015flem birimine eri\u015fim sa\u011flamak zorunda oldu\u011funda \u201ckorumal\u0131 modu\u201d kullanmak i\u00e7in izin istemelidir. Meltdown a\u00e7\u0131\u011f\u0131nda, sald\u0131rgan bariyeri etkili bir \u015fekilde kald\u0131rarak izin almadan korumal\u0131 moda ve \u00e7ekirdek belle\u011fe eri\u015fim sa\u011flayabilir. Bu sayede korumal\u0131 modu ve \u00e7ekirdek belle\u011fi, \u00e7al\u0131\u015fan uygulamalar\u0131n belle\u011finden veri \u00e7almak i\u00e7in kullanabilir. Bu y\u00f6ntemle parola y\u00f6neticilerinden, taray\u0131c\u0131lardan, e-postalardan, foto\u011fraflardan ve belgelerden verileri \u00e7alabilir.<\/p>\n<p>Yani pratikte Meltdown kullan\u0131larak rastlant\u0131sal bellek okunabilir. Bu i\u015flem parolalar\u0131, \u015fifreleme anahtarlar\u0131n\u0131, oturum a\u00e7ma bilgilerini, kredi kart\u0131 bilgilerini ve daha bir\u00e7ok \u015feyi kapsar. Spectre kullan\u0131ld\u0131\u011f\u0131nda ise (savunmas\u0131z) bir uygulaman\u0131n belle\u011fi okunabilir. \u00d6rne\u011fin bir web sitesini ziyaret etti\u011finizde web sitesindeki JavaScript kodu, taray\u0131c\u0131n\u0131z\u0131n belle\u011finde depolanan oturum a\u00e7ma bilgilerini ve parolalar\u0131n\u0131 okuyabilir.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Using <a href=\"https:\/\/twitter.com\/hashtag\/Meltdown?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Meltdown<\/a> to steal passwords in real time  <a href=\"https:\/\/twitter.com\/hashtag\/intelbug?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#intelbug<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/kaiser?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#kaiser<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/kpti?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#kpti<\/a> \/cc <a href=\"https:\/\/twitter.com\/mlqxyz?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@mlqxyz<\/a> <a href=\"https:\/\/twitter.com\/lavados?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@lavados<\/a> <a href=\"https:\/\/twitter.com\/StefanMangard?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@StefanMangard<\/a> <a href=\"https:\/\/twitter.com\/yuvalyarom?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@yuvalyarom<\/a> <a href=\"https:\/\/t.co\/gX4CxfL1Ax\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/gX4CxfL1Ax<\/a> <a href=\"https:\/\/t.co\/JbEvQSQraP\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/JbEvQSQraP<\/a><\/p>\n<p>\u2014 Michael Schwarz (@misc0110) <a href=\"https:\/\/twitter.com\/misc0110\/status\/948706387491786752?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 4, 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Meltdown ve Spectre donan\u0131m hatalar\u0131 oldu\u011fu i\u00e7in d\u00fczeltme ekleri yay\u0131nlamak zorlu bir i\u015flemdir. Linux, Windows ve MacOS i\u00e7in Meltdown a\u00e7\u0131\u011f\u0131na kar\u015f\u0131 d\u00fczeltme <a href=\"https:\/\/meltdownattack.com\/#faq-fix\" target=\"_blank\" rel=\"noopener nofollow\">g\u00fcncellemeleri<\/a> yay\u0131nland\u0131 ancak <a href=\"https:\/\/spectreattack.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Spectre<\/a> a\u00e7\u0131\u011f\u0131na kar\u015f\u0131 uygulamalar\u0131 g\u00fc\u00e7lendirmek i\u00e7in \u00e7al\u0131\u015fmalar devam ediyor. <a href=\"https:\/\/meltdownattack.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Buradan<\/a> konu hakk\u0131nda daha \u00e7ok bilgi edinebilirsiniz.<\/p>\n<p><strong>Bu arada her zaman s\u00f6yledi\u011fimiz gibi en yeni g\u00fcvenlik g\u00fcncellemelerini \u00e7\u0131kar \u00e7\u0131kmaz y\u00fcklemek \u00e7ok \u00f6nemlidir.<\/strong> \u00c7\u00fcnk\u00fc sald\u0131rganlar\u0131n bu g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 kullanmaya ba\u015flamas\u0131 \u00e7ok uzun s\u00fcrmeyecektir. \u00d6rnek kod, \u00e7oktan yay\u0131nland\u0131 bile.<\/p>\n<p>Kaspersky Lab \u00fcr\u00fcnlerinin Microsoft Windows G\u00fcvenlik g\u00fcncellemesiyle uyumlulu\u011fu<\/p>\n<p>\u0130\u015fletim sistemleri Meltdown\u2019a y\u00f6nelik yamalar yay\u0131nlamaya ba\u015flad\u0131 ancak 3 Ocak\u2019ta \u00e7o\u011fu g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fcyle uyumsuz g\u00fcvenlik g\u00fcncellemeleri yay\u0131nlad\u0131lar. Bunlar, bu \u00e7\u00f6z\u00fcmlerin d\u00fczg\u00fcn \u00e7al\u0131\u015fmamas\u0131na veya i\u015fletim sisteminin donmas\u0131na ya da yeniden ba\u015flat\u0131lmas\u0131na yol a\u00e7t\u0131.<\/p>\n<p>\u0130yi haber: Kaspersky Lab\u2019in hem i\u015fletme hem bireysel \u00e7\u00f6z\u00fcmleri bu g\u00fcncellemeyle tamamen uyumlu. Microsoft g\u00fcncellemeyi yaln\u0131zca sistem haz\u0131r olarak i\u015faretlendi\u011finde sunuyor ve bizim taraf\u0131m\u0131zda, haz\u0131r olma durumunu belirten i\u015faret, 28 Aral\u0131k 2017\u2019de verilen g\u00fcncellemede yer al\u0131yordu. Antivir\u00fcs veritaban\u0131n\u0131z g\u00fcncelse, bilgisayar\u0131n\u0131z Meltdown\u2019\u0131 ortadan kald\u0131ran Windows g\u00fcncellemesini almaya haz\u0131r demektir. Hen\u00fcz g\u00fcncellemeyi almad\u0131ysan\u0131z bile yak\u0131n zamanda alacaks\u0131n\u0131zd\u0131r. G\u00fcncellemeyi, m\u00fcmk\u00fcn olan en k\u0131sa s\u00fcrede y\u00fcklemenizi \u015fiddetle tavsiye ederiz.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intel mikro\u00e7iplerinde iki ciddi g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffedildi. Bu a\u00e7\u0131klardan ikisi de sald\u0131rganlar\u0131n \u00e7ekirdek belle\u011fe ula\u015farak uygulamalardan hassas bilgileri ele ge\u00e7irmesine izin veriyor. \u0130lk g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan Meltdown, kullan\u0131c\u0131 uygulamalar\u0131 ve i\u015fletim sisteminin hassas par\u00e7alar\u0131 aras\u0131ndaki bariyeri etkili bir \u015fekilde kald\u0131rabilir. Yine AMD ve ARM \u00e7iplerinde bulunan ikinci g\u00fcvenlik a\u00e7\u0131\u011f\u0131 Spectre ise savunmas\u0131z uygulamalar\u0131 bellek i\u00e7eriklerini s\u0131zd\u0131rmak i\u00e7in kand\u0131rabilir.<\/p>\n","protected":false},"author":423,"featured_media":4587,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287],"tags":[909,754,1503,1504,1226,1505],"class_list":{"0":"post-4586","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-acik","9":"tag-donanim","10":"tag-intel","11":"tag-meltdown","12":"tag-sistem-acigi","13":"tag-spectre"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/4586\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/12094\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/10061\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/5538\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/14326\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/12551\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/12272\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/15077\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/14880\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/19454\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/20620\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/9978\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/two-severe-vulnerabilities-found-in-intels-hardware\/8725\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/15595\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/9096\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/two-severe-vulnerabilities-found-in-intels-hardware\/19170\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/19293\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/two-severe-vulnerabilities-found-in-intels-hardware\/19280\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/acik\/","name":"a\u00e7\u0131k"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/423"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4586"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4586\/revisions"}],"predecessor-version":[{"id":6981,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4586\/revisions\/6981"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/4587"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}