iOS平台下基于UIWebView漏洞的研究
Research of UIWebView Component Vulnerability on iOS Platform
DOI: 10.12677/CSA.2015.511051, PDF, HTML, XML, 下载: 2,686  浏览: 5,687  国家自然科学基金支持
作者: 李伏一, 牛少彰, 张文:北京邮电大学,北京
关键词: Hybrid模式UIWebView组件安全性Hybrid Mode Uiwebview Component Security Problem
摘要: 现在越来越多的iOS应用程序在进行系统设计时,采用了Hybrid混合架构模式,这种模式虽然带来了跨平台开发的优势,但是也带来了一些安全问题,本文针对这一问题展开研究,总结了目前iOS平台在使用UIWebView组件时所带来的一些安全问题,并对这些安全问题做了很详尽的分析,最后针对每一个安全问题,分别提出了一个解决方案,确保在享受Hybrid模式的优势时,也保证了应用程序的安全性。
Abstract: Now more and more iOS applications adopt the Hybrid model, which not only brings the advantage of cross-platform development, but also brings some security problems. This paper summarizes the current security problems of using UIWebView components on the iOS platform and we do a very detailed analysis about these security problems. Finally, for each security problem, we put forward the corresponding solution to ensure the security of the application.
文章引用:李伏一, 牛少彰, 张文. iOS平台下基于UIWebView漏洞的研究[J]. 计算机科学与应用, 2015, 5(11): 403-409. http://dx.doi.org/10.12677/CSA.2015.511051

参考文献

[1] UIWebViewClassReference. https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIWebView_Class/index.html
[2] CVE-2013-6893. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6893
[3] WooYun-2015-146717. http://www.wooyun.org/bugs/wooyun-2015-0146717
[4] Phonegap. http://www.phonegap.com
[5] Extracting html from a webview. http://lexandera.com/2009/01/extracting-html-from-a-webview/
[6] Pilorz, L. and Wylecial, P. (2014) 探讨iOS浏览器的安全问题. SyScan360.
[7] Intercepting Page Loads in webview. (2009). http://lexandera.com/2009/02/intercepting-page-loads-in-webview/
[8] iOS安全系列之二: HTTPS进阶[EB/OL]. http://oncenote.com/2015/09/16/Security-2-HTTPS2/
[9] Apple iOS 9: Security & Privacy Features. https://medium.com/@FredericJacobs/apple-ios-9-security-privacy-features-8d82d9da10eb#.7b7zakeqe
[10] Adven-tures with iOSUIWebviews. https://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews/