Kaspersky: Critical Security Vulnerability Affecting macOS Users Detected

Published: 2026-03-03
Link: https://bihavadis.com/index.php/2026/03/03/kaspersky-macos-kullanicilarini-etkileyen-kritik-guvenlik-acigi-tespit-edildi/

A vulnerability in a widely used open-source metadata tool allows arbitrary code execution via specially crafted image files; a patch has been released.

Kaspersky's Global Research and Analysis Team (GReAT) has identified a command injection vulnerability (CVE-2026-3102) in ExifTool, the open-source software used worldwide to read and edit metadata in image, video and PDF files. The flaw, which affects macOS systems running ExifTool 13.49 and earlier, allows an attacker to execute arbitrary commands on the target system by embedding hidden instructions in an image file's metadata. The project's developer, Phil Harvey, fixed the vulnerability in version 13.50, released on 7 February.

The vulnerability stems from insufficient input sanitization in the way ExifTool processes certain metadata tags on macOS. An attacker can create a "weaponized" PNG file containing malicious commands, and those commands run automatically on the target system the moment ExifTool processes the file. The exploitation process is of very low complexity: a first command creates the weaponized image, and a second command triggers execution on the target system.

When this vulnerability is exploited, threat actors can gain the ability to download additional malicious software (payloads) to the compromised machine, run them, or steal sensitive data, including images and PDFs stored on the system.

ExifTool, which can read, write and process image, audio, video and PDF metadata, is widely used in digital workflows, forensic analysis and library archiving processes. Typical open-source intelligence (OSINT) activities include extracting capture dates and locations, identifying editing software, matching sidecar files and comparing metadata differences between versions.

Lucas Tay, Security Researcher at Kaspersky's Global Research and Analysis Team, commented: "What makes this vulnerability notable is the contrast between how simple its exploitation is when a particular command line is used and how deeply ExifTool is integrated into professional workflows. Anyone running ExifTool on macOS should update to version 13.50; in addition, teams using automated data pipelines must verify which version their scripts invoke."

To protect against CVE-2026-3102, Kaspersky recommends updating ExifTool to version 13.50 or newer. It is advised not to process image files from untrusted sources with unpatched versions on macOS. Automated workflows and scripts that invoke ExifTool should also be reviewed to confirm that they reference the patched version. Organizations that use open-source components in their business processes can rely on Kaspersky's Open Source Software Threats Data Feed to continuously monitor vulnerabilities in their software supply chains.

Source: (BYZHA) Beyaz Haber Ajansı