Software vulnerability repair method and device for terminal

Abstract

The invention discloses a software vulnerability fixing method and device for a terminal. One embodiment of the method comprises the steps that a fixing file, sent by a server, of a software vulnerability is received, wherein the fixing file comprises a fixing code, positioning information and compatibility information, and the compatibility information is used for indicating information needing to be added to a predetermined position of the fixing code when compatibility processing is performed on the fixing code; a to-be-fixed position which is indicated by the positioning information and corresponds to the software vulnerability is determined; the information indicated by the compatibility information is searched for in the context of the to-be-fixed position, and / or prep-acquired system information of the terminal and a preset corresponding relation between the system information and the information indicated by the compatibility information are utilized to search for the information indicated by the compatibility information; the information found through search is added to the predetermined position of the fixing code to obtain a compatible code; and the software vulnerability is fixed through the compatible code. Through the embodiment, hot fixing compatible with software vulnerabilities of different equipment is realized, and therefore the security of terminal equipment is protected.

Description

technical field [0001] The present application relates to the field of computer technology, specifically to the field of security technology, and in particular to a method and device for repairing software bugs in terminals. Background technique [0002] Vulnerabilities are defects in the specific implementation of hardware, software, protocols or system security policies, which allow attackers to access or destroy the system without authorization. Software is often the result of negligence on the part of the developer when developing the software, or limitations of the programming language. [0003] Taking the Android system as an example, among the native Android vulnerabilities, the kernel layer vulnerabilities account for about 1 / 4, and the native method layer (Native) layer, application framework layer, and native applications account for about the remaining 3 / 4. The existing vulnerability repair method is mainly that different device manufacturers release the source c...

AI Technical Summary

Problems solved by technology

[0004] However, due to the fragmentation of the Android system, there are more and more Android device types and system versions, and the existing vulnerability repair methods cannot be compatible with various Android devices, resulting in higher and higher development costs, which seriously hinders the repair of the vulnerability. Users are facing potential security threats, and this repair method only focuses on repairing kernel layer vulnerabilities, and cannot dynamically repair Native layer, application framework layer, and application layer vulnerabilities. The repair process requires restarting the device to achieve hot repair.

Images