0为提升iOS系统的安全性,提高iOS应用程序抵御非法攻击的能力,避免系统漏洞给用户带来巨大损失.针对应用程序运行时底层核心系统Runtime System进行深入研究,发现其底层API接口在实现许多强大功能的同时也留下了巨大的安全漏洞.经实例验证,攻击者可以通过破解加密、反编译可执行文件,获取程序中的类、方法及属性等信息,进而通过运行时调用Runtime System的API来控制程序.以程序操控或动态注入恶意代码给iOS系统上的应用程序带来极大危害.最后针对漏洞的利用方法分别提出防护方案以此提高iOS系统的安全性.%To enhance the security of iOS system,to improve the ability of iOS application to resist illegal attacks,to avoid system vulnerabilities to the user a huge loss,we studied the Runtime system which was the underlying core system of the application runtime and found the underlying API interface in the realization of many powerful features but also left a huge security vulnerabilities.Through the example,an attacker could control the program by cracking the encryption,decompiling the executable,getting the classes,methods,and properties in the program,and then calling the Runtime System API at run time.Program manipulation or dynamic injection of malicious code to iOS applications on the system brought great harm.Finally,the protection scheme remedying the vulnerability was proposed to improve the security of iOS system.
展开▼
