苹果致谢

2021年(获得8个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2021-30661 yangkang(@dnpushme) of 360 ATA This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-30665 yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-30666 yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-30687 Hou JingYi (@hjy79425575) of Qihoo 360 This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-30726 Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-30820 Jianjun Dai of Qihoo 360 Alpha Lab A logic issue was addressed with improved state management.
CVE-2021-30881 Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360 An input validation issue was addressed with improved memory handling.
CVE-2021-30981 Liu Long of Ant Security Light-Year Lab, an anonymous researcher A buffer overflow was addressed with improved bounds checking.

2020年(获得21个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2020-27919 Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2020-27945 Zhuo Liang of Qihoo 360 Vulcan Team An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9785 Proteas of Qihoo 360 Nirvan Team Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9795 Zhuo Liang of Qihoo 360 Vulcan Team A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9828 Jianjun Dai of Qihoo 360 Alpha Lab An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.
CVE-2020-9847 Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn) An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.
CVE-2020-9865 Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.
CVE-2020-9918 Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2020-9923 Proteas A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2020-9949 Proteas A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9965 Proteas An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9966 Proteas An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-1757 Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.
CVE-2021-1759 Hou JingYi (@hjy79425575) of Qihoo 360 CERT An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2021-1760 @S0rryMybad of 360 Vulcan Team A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.
CVE-2021-1780 Jianjun Dai of 360 Alpha Lab A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.
CVE-2021-1789 @S0rryMybad of 360 Vulcan Team A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-1794 Jianjun Dai of 360 Alpha Lab An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
CVE-2021-1795 Jianjun Dai of 360 Alpha Lab An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
CVE-2021-1796 Jianjun Dai of 360 Alpha Lab An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
CVE-2021-1881 an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360 This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

2019年 (获得40个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2019-6207 Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
CVE-2019-6217 Fluoroacetate working with Trend Micro’s Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6225 Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
CVE-2019-6227 Qixun Zhao of Qihoo 360 Vulcan Team A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6230 Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
CVE-2019-6231 Zhuo Liang of Qihoo 360 Nirvan Team An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.
CVE-2019-6237 G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-7292 Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.
CVE-2019-8525 Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8528 Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8540 Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
CVE-2019-8555 Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8633 Zhuo Liang of Qihoo 360 Vulcan Team A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.
CVE-2019-8701 Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
CVE-2019-8716 Zhiyi Zhang of Codesafe Team of Legendsec at Qi’anxin Group, Zhuo Liang of Qihoo 360 Vulcan Team A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.
CVE-2019-8721 Pan ZhenPeng of Qihoo 360 Nirvan Team Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8722 Pan ZhenPeng of Qihoo 360 Nirvan Team Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8723 Pan ZhenPeng of Qihoo 360 Nirvan Team Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8724 Pan ZhenPeng of Qihoo 360 Nirvan Team Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8738 Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2019-8739 Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2019-8744 Zhuo Liang of Qihoo 360 Vulcan Team A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.
CVE-2019-8759 another of 360 Nirvan Team An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory.
CVE-2019-8800 Pan ZhenPeng of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2019-8801 Hou JingYi (@hjy79425575) of Qihoo 360 CERT A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
CVE-2019-8806 Pan ZhenPeng of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2019-8840 Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges.
CVE-2019-8848 Zhuo Liang of Qihoo 360 Vulcan Team This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.
CVE-2019-8853 Jianjun Dai of Qihoo 360 Alpha Lab A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory.
CVE-2020-3831 Chilik Tamir of Zimperium zLabs, Corellium, Proteas of Qihoo 360 Nirvan Team A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-3845 Zhuo Liang of Qihoo 360 Vulcan Team A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.
CVE-2020-3847 Jianjun Dai of Qihoo 360 Alpha Lab An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.
CVE-2020-3848 Jianjun Dai of Qihoo 360 Alpha Lab A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
CVE-2020-3849 Jianjun Dai of Qihoo 360 Alpha Lab A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
CVE-2020-3850 Jianjun Dai of Qihoo 360 Alpha Lab A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
CVE-2020-3857 Zhuo Liang of Qihoo 360 Vulcan Team A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
CVE-2020-3860 Proteas of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-3886 Proteas This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-3903 Proteas of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges.
CVE-2020-3904 Proteas of Qihoo 360 Nirvan Team Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.

2018年(获得28个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2018-12126 Ke Sun, Henrique Kawakami, Kekai Hu, and Rodrigo Branco from Intel; Lei Shi – Qihoo 360 CERT; Marina Minkin; Daniel Genkin from University of Michigan; and Yuval Yarom from University of Adelaide Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-4120 Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2018-4132 Axis and pjf of IceSword Lab of Qihoo 360 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2018-4138 Axis and pjf of IceSword Lab of Qihoo 360 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “NVIDIA Graphics Drivers” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2018-4141 an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2018-4159 Axis and pjf of IceSword Lab of Qihoo 360 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Graphics Drivers” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2018-4165 Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2018-4171 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Bluetooth” component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.
CVE-2018-4211 Proteas of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
CVE-2018-4234 Proteas of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “IOHIDFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2018-4236 Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “IOGraphics” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2018-4242 Zhuo Liang of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Hypervisor” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2018-4253 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “AMD” component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.
CVE-2018-4255 shrek_wzw of Qihoo 360 Nirvan Team In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
CVE-2018-4256 shrek_wzw of Qihoo 360 Nirvan Team In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
CVE-2018-4257 shrek_wzw of Qihoo 360 Nirvan Team In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.
CVE-2018-4258 shrek_wzw of Qihoo 360 Nirvan Team In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.
CVE-2018-4282 Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin “slashd” Shilnenkov An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.
CVE-2018-4289 shrek_wzw of Qihoo 360 Nirvan Team An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.
CVE-2018-4316 crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
CVE-2018-4326 an anonymous researcher working with Trend Micro’s Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
CVE-2018-4378 HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-4392 zhunki of 360 ESG Codesafe Team Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-4393 Lufeng Li A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4402 Proteas of Qihoo 360 Nirvan Team A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
CVE-2018-4434 Zhuo Liang of Qihoo 360 Nirvan Team An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4438 lokihardt of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4452 Liu Long of Qihoo 360 Vulcan Team A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to execute arbitrary code with system privileges.

2017年(获得23个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2017-13799 Lufeng Li of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-13807 Yangkang (@dnpushme) of Qihoo 360 Qex Team An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
CVE-2017-13853 shrek_wzw from Qihoo 360 NirvanTeam An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsControl” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-13854 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-13884 360 Security working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-13885 360 Security working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-6985 Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “NVIDIA Graphics Drivers” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7008 Yangkang (@dnpushme) of Qihoo 360 Qex Team An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the “CoreAudio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
CVE-2017-7009 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “IOUSBFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7014 Lee of Minionz, Axis and sss of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7021 sss and Axis of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsPowerManagement” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7032 Axis and sss of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7035 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7036 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-7044 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7045 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-7054 Alex Plaskett of MWR InfoSecurity, Lufeng Li of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7067 shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-7069 Proteas of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7092 Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-7165 360 Security working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-7167 sss of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the “ld64” component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code.
CVE-2017-7171 360 Security working with Trend Micro’s Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “CoreAnimation” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

2016年(获得29个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2016-1732 Proteas of Qihoo 360 Nirvan Team AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2016-1733 Proteas of Qihoo 360 Nirvan Team AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1754 Lufeng Li of Qihoo 360 Vulcan Team The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
CVE-2016-1756 Lufeng Li of Qihoo 360 Vulcan Team The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1760 Proteas of Qihoo 360 Nirvan Team The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app’s events via a crafted app.
CVE-2016-1765 Proteas of Qihoo 360 Nirvan Team and Will Estes (@squiffy) in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2016-4582 Shrek_wzw and Proteas of Qihoo 360 Nirvan Team The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
CVE-2016-4674 Shrek_wzw of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the “ATS” component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2016-4696 Shrek_wzw of Qihoo 360 Nirvan Team AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-4704 Shrek_wzw of Qihoo 360 Nirvan Team in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.
CVE-2016-4736 Proteas of Qihoo 360 Nirvan Team ibarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
CVE-2016-4777 Lufeng Li of Qihoo 360 Vulcan Team The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
CVE-2016-7643 Yangkang (@dnpushme) of Qihoo360 Qex Team An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the “ImageIO” component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site.
CVE-2016-7647 Lufeng Li of Qihoo 360 Vulcan Team ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-7699 Proteas of Qihoo 360 Nirvan Team ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2017-2398 Lufeng Li of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2401 Lufeng Li of Qihoo 360 Vulcan Team An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2408 Yangkang (@dnpushme) of Qihoo360 Qex Team An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOATAFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2413 Simon Huang(@HuangShaomang) and pjf of IceSword Lab of Qihoo 360 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “QuickTime” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file.
CVE-2017-2427 Axis and sss of Qihoo 360 Nirvan Team An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2438 sss and Axis of 360Nirvanteam An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “AppleRAID” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVE-2017-2444 Mei Wang of 360 GearTeam An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreGraphics” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-2449 sss and Axis from 360NirvanTeam An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVE-2017-2502 Yangkang (@dnpushme) of Qihoo360 Qex Team An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “CoreAudio” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-2503 sss and Axis of 360Nirvan team An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2542 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “Multi-Touch” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2543 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “Multi-Touch” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2544 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-2545 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “IOGraphics” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

2015年(获得9个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2015-5757 Lufeng Li of Qihoo 360 ibpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
CVE-2015-5769 Proteas of Qihoo 360 Nirvan Team The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
CVE-2015-5899 Lufeng Li of Qihoo 360 Vulcan Team ibpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-6986 Proteas of Qihoo 360 Nirvan Team m.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified “type confusion.”
CVE-2015-7040 Lufeng Li of Qihoo 360 Vulcan Team The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.
CVE-2015-7041 Lufeng Li of Qihoo 360 Vulcan Team The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.
CVE-2015-7042 Lufeng Li of Qihoo 360 Vulcan Team The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.
CVE-2015-7049 Proteas of Qihoo 360 Nirvan Team in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057.
CVE-2015-7057 Proteas of Qihoo 360 Nirvan Team in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049.

2014年(获得1个致谢)

CVE编号 致谢360研究团队及个人 漏洞详情
CVE-2014-1253 MJ0011 of 360 Security Center AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.