iOS平台下基于UIWebView漏洞的研究
Research of UIWebView Component Vulnerability on iOS Platform

作者: 李伏一 , 牛少彰 , 张文 :北京邮电大学,北京;

关键词: Hybrid模式UIWebView组件安全性Hybrid Mode Uiwebview Component Security Problem

摘要: 现在越来越多的iOS应用程序在进行系统设计时,采用了Hybrid混合架构模式,这种模式虽然带来了跨平台开发的优势,但是也带来了一些安全问题,本文针对这一问题展开研究,总结了目前iOS平台在使用UIWebView组件时所带来的一些安全问题,并对这些安全问题做了很详尽的分析,最后针对每一个安全问题,分别提出了一个解决方案,确保在享受Hybrid模式的优势时,也保证了应用程序的安全性。

Abstract: Now more and more iOS applications adopt the Hybrid model, which not only brings the advantage of cross-platform development, but also brings some security problems. This paper summarizes the current security problems of using UIWebView components on the iOS platform and we do a very detailed analysis about these security problems. Finally, for each security problem, we put forward the corresponding solution to ensure the security of the application.

文章引用: 李伏一 , 牛少彰 , 张文 (2015) iOS平台下基于UIWebView漏洞的研究。 计算机科学与应用, 5, 403-409. doi: 10.12677/CSA.2015.511051

参考文献

[1] UIWebViewClassReference. https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIWebView_Class/index.html

[2] CVE-2013-6893. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6893

[3] WooYun-2015-146717. http://www.wooyun.org/bugs/wooyun-2015-0146717

[4] Phonegap. http://www.phonegap.com

[5] Extracting html from a webview. http://lexandera.com/2009/01/extracting-html-from-a-webview/

[6] Pilorz, L. and Wylecial, P. (2014) 探讨iOS浏览器的安全问题. SyScan360.

[7] Intercepting Page Loads in webview. (2009). http://lexandera.com/2009/02/intercepting-page-loads-in-webview/

[8] iOS安全系列之二: HTTPS进阶[EB/OL]. http://oncenote.com/2015/09/16/Security-2-HTTPS2/

[9] Apple iOS 9: Security & Privacy Features. https://medium.com/@FredericJacobs/apple-ios-9-security-privacy-features-8d82d9da10eb#.7b7zakeqe

[10] Adven-tures with iOSUIWebviews. https://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews/

分享
Top