Android开发同学请注意啦,Android Studio2.1.1版本发布更新, 解决重大安全问题.
2016-05-13 14:56
1201 查看
5月11号发布的Android Studio 2.1.1版本修复了两个重大的安全问题:
Built-in WebServer Vulnerabilities(内置的web服务器漏洞):
在IDE内置的web服务器中有一个跨站点伪造请求缺陷,可能允许攻击者在未经用户同意的情况下访问本地文件系统.
Internal RPC Vulnerabilities(内部RPC漏洞):
设置了过度宽松的跨域资源共享,可能允许攻击者访问各种内部的API;获取IDE保存的数据,收集各种元信息,比如IDE版,本或者打开一个未经允许项目.
虽然没有收到用户相关的报告,但升级到这个新版本是很重要的.
原文: https://plus.google.com/103342515830390186255/posts/5TGKhcwtip5
Please update to Android Studio v2.1.1
We wanted to make you aware of an important security update for Android Studio.
Today we released the Android Studio 2.1.1 update. The incremental update addresses two security vulnerabilities in the underlying IntelliJ platform that affects all previous versions of Android Studio:
Built-in WebServer Vulnerabilities: A Cross-Site Request Forgery (CSRF) flaw in the IDE’s built-in WebServer could allow an attacker to access the local file system from a malicious web page without user consent.
Internal RPC Vulnerabilities: Over-permissive Cross-Origin Resource Sharing (CORS) settings could allow an attacker to access various internal API endpoints; gain access to data saved by the IDE; gather various meta-information, like IDE version; or open a project without permission.
We have had no reports of active customer exploitation or abuse of these newly reported issues, but it’s important that you update to this new version now.
更多关于Android Studio的使用技巧,请参考 《Android Studio实用指南》
下载地址:
Windows: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-windows.zip (286.7 MiB)
Mac: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-mac.zip (285.2 MiB)
Linux: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-linux.zip (284.3 MiB)
Built-in WebServer Vulnerabilities(内置的web服务器漏洞):
在IDE内置的web服务器中有一个跨站点伪造请求缺陷,可能允许攻击者在未经用户同意的情况下访问本地文件系统.
Internal RPC Vulnerabilities(内部RPC漏洞):
设置了过度宽松的跨域资源共享,可能允许攻击者访问各种内部的API;获取IDE保存的数据,收集各种元信息,比如IDE版,本或者打开一个未经允许项目.
虽然没有收到用户相关的报告,但升级到这个新版本是很重要的.
原文: https://plus.google.com/103342515830390186255/posts/5TGKhcwtip5
Please update to Android Studio v2.1.1
We wanted to make you aware of an important security update for Android Studio.
Today we released the Android Studio 2.1.1 update. The incremental update addresses two security vulnerabilities in the underlying IntelliJ platform that affects all previous versions of Android Studio:
Built-in WebServer Vulnerabilities: A Cross-Site Request Forgery (CSRF) flaw in the IDE’s built-in WebServer could allow an attacker to access the local file system from a malicious web page without user consent.
Internal RPC Vulnerabilities: Over-permissive Cross-Origin Resource Sharing (CORS) settings could allow an attacker to access various internal API endpoints; gain access to data saved by the IDE; gather various meta-information, like IDE version; or open a project without permission.
We have had no reports of active customer exploitation or abuse of these newly reported issues, but it’s important that you update to this new version now.
更多关于Android Studio的使用技巧,请参考 《Android Studio实用指南》
下载地址:
Windows: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-windows.zip (286.7 MiB)
Mac: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-mac.zip (285.2 MiB)
Linux: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-linux.zip (284.3 MiB)
相关文章推荐
- Android左边菜单栏导航
- android-SQLiteOpenHelper又称本地库
- Android通知代码
- Android Studio使用gradle打包指定包名和类的jar
- Android ListView与EditText共存错位
- Android之dialog
- android studio导入so,bat文件
- Android字段验证的实例代码
- Android Dev Intro - Android Activity Lifecycle
- Android Viewpager拦截 左右滑动
- Android开发随手记录-AS导出jar包
- android的m、mm、mmm编译命令的使用
- Android系统中蓝牙设备间连接和通信
- android toast几种使用方法
- This version of the rendering library is more recent than your version of Android Studio. Please upd
- android 系统提示对话框(AlertDialog)的使用
- 7种形式的Android Dialog使用举例
- Android Studio编译报错:sdk:minSdkVersion 1 cannot be smaller than version 7 declared in library
- android进阶之路:大神问答
- Android打造带透明圆弧的ImageView