{"id":837,"date":"2014-01-22T11:44:53","date_gmt":"2014-01-22T16:44:53","guid":{"rendered":"http:\/\/www.kaspersky.com.tr\/blog\/?p=837"},"modified":"2017-09-21T14:45:00","modified_gmt":"2017-09-21T11:45:00","slug":"starbucks-uygulama-guvenlik-acigina-hizli-yama","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/starbucks-uygulama-guvenlik-acigina-hizli-yama\/837\/","title":{"rendered":"Starbucks Quickly Patches App Security Vulnerability"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-838\" alt=\"starbucks_fb\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2014\/01\/06015227\/starbucks_fb.png\" width=\"403\" height=\"403\" \/><\/p>\n<p>Earlier this week, reports emerged that a vulnerability in Starbucks&#8217;s iOS mobile app had left the personal information of customers who downloaded the app accessible to hackers. Although it is not a technology company, Starbucks responded quickly and released a new version that closes the vulnerability within the past few days.<\/p>\n<p>Of course, Starbucks is not short of money over this, but the fact that a vulnerability that surfaced in December was fixed in January shows the value placed on security patches. 
The time between a vulnerability surfacing and being fixed usually runs to months, after processes such as vendor approvals, integration and conversion.<\/p>\n<p>First and most important: if you have downloaded the Starbucks mobile app, you should visit the App Store and update to the new version on your iPhone, iPad and other iDevices.<\/p>\n<p>Setting the boring technical details aside, the vulnerability was present in version 2.6.1, which was current until January 16. The company fixed it with version 2.6.2. You can download the update to this new version from the Apple App Store.<\/p>\n<p>According to a report by Chris Brook of Threatpost, users who have not updated face the risk of having their full name, address, device ID and various geolocation data captured.<\/p>\n<p>The coffee giant&#8217;s app stores all of this information unencrypted, in clear text, in a log file inside a third-party crash protection solution developed by the Boston firm Crashlytics.<\/p>\n<p>Daniel Wood, the researcher and Open Web Application Security Project (OWASP) member who discovered the flaw, describes it as a failure to follow best practices in application security.<\/p>\n<p>&#8220;Starbucks should have filtered and reviewed the presence of this data in clear form in the Crashlytics log files,&#8221; says 
Wood.<\/p>\n<p>Crashlytics develops error reporting solutions for mobile app makers. Starbucks used the firm&#8217;s solution in its own app but appears to have made a mistake during implementation.<\/p>\n<p>Crashlytics founder Wayne Chang spoke by email with Chris Brook of Threatpost about the plain-text logging feature belonging to one of its services. As he told Threatpost, Crashlytics does not automatically collect usernames and passwords. The feature, called CLSLog, is an optional one that app developers can use if they choose.<\/p>\n<p>In case you are wondering, the Starbucks app lets customers link their Starbucks cards to their smartphones and so use payment methods such as PayPal or a credit card. It also lets them use their smartphones as a mobile payment mechanism at Starbucks locations worldwide.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this week, reports emerged that a vulnerability in Starbucks&#8217;s iOS mobile app had left the personal information of customers who downloaded the app accessible to hackers. 
Although it is not a technology company, Starbucks responded quickly<\/p>\n","protected":false},"author":350,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[504,503,505,506],"class_list":{"0":"post-837","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-news","7":"category-threats","8":"tag-app-store","9":"tag-guvenlik-acigi","10":"tag-starbucks","11":"tag-yama"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/starbucks-uygulama-guvenlik-acigina-hizli-yama\/837\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/app-store\/","name":"App Store"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/350"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=837"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/837\/revisions"}],"predecessor-version":[{"id":3955,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/837\/revisions\/3955"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","temp
lated":true}]}}