苹果致谢
2021年(获得8个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2021-30661 | yangkang(@dnpushme) of 360 ATA | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| CVE-2021-30665 | yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| CVE-2021-30666 | yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| CVE-2021-30687 | Hou JingYi (@hjy79425575) of Qihoo 360 | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| CVE-2021-30726 | Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| CVE-2021-30820 | Jianjun Dai of Qihoo 360 Alpha Lab | A logic issue was addressed with improved state management. |
| CVE-2021-30881 | Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360 | An input validation issue was addressed with improved memory handling. |
2020年(获得21个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2020-27919 | Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. |
| CVE-2020-27945 | Zhuo Liang of Qihoo 360 Vulcan Team | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2020-9785 | Proteas of Qihoo 360 Nirvan Team | Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9795 | Zhuo Liang of Qihoo 360 Vulcan Team | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9828 | Jianjun Dai of Qihoo 360 Alpha Lab | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information. |
| CVE-2020-9847 | Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn) | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox. |
| CVE-2020-9865 | Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. |
| CVE-2020-9918 | Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. |
| CVE-2020-9923 | Proteas | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. |
| CVE-2020-9949 | Proteas | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9965 | Proteas | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9966 | Proteas | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2021-1759 | Hou JingYi (@hjy79425575) of Qihoo 360 CERT | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
| CVE-2021-1760 | @S0rryMybad of 360 Vulcan Team | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information. |
| CVE-2021-1780 | Jianjun Dai of 360 Alpha Lab | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack. |
| CVE-2021-1789 | @S0rryMybad of 360 Vulcan Team | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2021-1794 | Jianjun Dai of 360 Alpha Lab | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-1795 | Jianjun Dai of 360 Alpha Lab | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-1796 | Jianjun Dai of 360 Alpha Lab | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-1881 | an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360 | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
2019年 (获得40个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2019-6207 | Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. |
| CVE-2019-6217 | Fluoroacetate working with Trend Micro’s Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2019-6225 | Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges. |
| CVE-2019-6227 | Qixun Zhao of Qihoo 360 Vulcan Team | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2019-6230 | Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox. |
| CVE-2019-6231 | Zhuo Liang of Qihoo 360 Nirvan Team | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory. |
| CVE-2019-6237 | G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2019-7292 | Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. |
| CVE-2019-8525 | Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2019-8528 | Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2019-8540 | Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. |
| CVE-2019-8555 | Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
| CVE-2019-8633 | Zhuo Liang of Qihoo 360 Vulcan Team | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. |
| CVE-2019-8701 | Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges. |
| CVE-2019-8716 | Zhiyi Zhang of Codesafe Team of Legendsec at Qi’anxin Group, Zhuo Liang of Qihoo 360 Vulcan Team | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. |
| CVE-2019-8721 | Pan ZhenPeng of Qihoo 360 Nirvan Team | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. |
| CVE-2019-8722 | Pan ZhenPeng of Qihoo 360 Nirvan Team | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. |
| CVE-2019-8723 | Pan ZhenPeng of Qihoo 360 Nirvan Team | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. |
| CVE-2019-8724 | Pan ZhenPeng of Qihoo 360 Nirvan Team | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. |
| CVE-2019-8738 | Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution. |
| CVE-2019-8739 | Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution. |
| CVE-2019-8744 | Zhuo Liang of Qihoo 360 Vulcan Team | A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout. |
| CVE-2019-8759 | another of 360 Nirvan Team | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory. |
| CVE-2019-8800 | Pan ZhenPeng of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. |
| CVE-2019-8801 | Hou JingYi (@hjy79425575) of Qihoo 360 CERT | A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. |
| CVE-2019-8806 | Pan ZhenPeng of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. |
| CVE-2019-8840 | Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges. |
| CVE-2019-8848 | Zhuo Liang of Qihoo 360 Vulcan Team | This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. |
| CVE-2019-8853 | Jianjun Dai of Qihoo 360 Alpha Lab | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory. |
| CVE-2020-3831 | Chilik Tamir of Zimperium zLabs, Corellium, Proteas of Qihoo 360 Nirvan Team | A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-3845 | Zhuo Liang of Qihoo 360 Vulcan Team | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. |
| CVE-2020-3847 | Jianjun Dai of Qihoo 360 Alpha Lab | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. |
| CVE-2020-3848 | Jianjun Dai of Qihoo 360 Alpha Lab | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| CVE-2020-3849 | Jianjun Dai of Qihoo 360 Alpha Lab | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| CVE-2020-3850 | Jianjun Dai of Qihoo 360 Alpha Lab | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| CVE-2020-3857 | Zhuo Liang of Qihoo 360 Vulcan Team | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. |
| CVE-2020-3860 | Proteas of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-3886 | Proteas | This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| CVE-2020-3903 | Proteas of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges. |
| CVE-2020-3904 | Proteas of Qihoo 360 Nirvan Team | Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
2018年(获得28个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2018-12126 | Ke Sun, Henrique Kawakami, Kekai Hu, and Rodrigo Branco from Intel; Lei Shi – Qihoo 360 CERT; Marina Minkin; Daniel Genkin from University of Michigan; and Yuval Yarom from University of Adelaide | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
| CVE-2018-4120 | Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2018-4132 | Axis and pjf of IceSword Lab of Qihoo 360 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2018-4138 | Axis and pjf of IceSword Lab of Qihoo 360 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “NVIDIA Graphics Drivers” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2018-4141 | an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2018-4159 | Axis and pjf of IceSword Lab of Qihoo 360 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Graphics Drivers” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2018-4165 | Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2018-4171 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Bluetooth” component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties. |
| CVE-2018-4211 | Proteas of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. |
| CVE-2018-4234 | Proteas of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “IOHIDFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2018-4236 | Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “IOGraphics” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2018-4242 | Zhuo Liang of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “Hypervisor” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2018-4253 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the “AMD” component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app. |
| CVE-2018-4255 | shrek_wzw of Qihoo 360 Nirvan Team | In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. |
| CVE-2018-4256 | shrek_wzw of Qihoo 360 Nirvan Team | In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. |
| CVE-2018-4257 | shrek_wzw of Qihoo 360 Nirvan Team | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. |
| CVE-2018-4258 | shrek_wzw of Qihoo 360 Nirvan Team | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. |
| CVE-2018-4282 | Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin “slashd” Shilnenkov | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2. |
| CVE-2018-4289 | shrek_wzw of Qihoo 360 Nirvan Team | An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6. |
| CVE-2018-4316 | crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
| CVE-2018-4326 | an anonymous researcher working with Trend Micro’s Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
| CVE-2018-4378 | HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
| CVE-2018-4392 | zhunki of 360 ESG Codesafe Team | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
| CVE-2018-4393 | Lufeng Li | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. |
| CVE-2018-4402 | Proteas of Qihoo 360 Nirvan Team | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. |
| CVE-2018-4434 | Zhuo Liang of Qihoo 360 Nirvan Team | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2. |
| CVE-2018-4438 | lokihardt of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
| CVE-2018-4452 | Liu Long of Qihoo 360 Vulcan Team | A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to execute arbitrary code with system privileges. |
2017年(获得23个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2017-13799 | Lufeng Li of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-13807 | Yangkang (@dnpushme) of Qihoo 360 Qex Team | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file. |
| CVE-2017-13853 | shrek_wzw from Qihoo 360 NirvanTeam | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsControl” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-13854 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-13884 | 360 Security working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2017-13885 | 360 Security working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2017-6985 | Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360 | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “NVIDIA Graphics Drivers” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7008 | Yangkang (@dnpushme) of Qihoo 360 Qex Team | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the “CoreAudio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
| CVE-2017-7009 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “IOUSBFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7014 | Lee of Minionz, Axis and sss of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7021 | sss and Axis of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsPowerManagement” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7032 | Axis and sss of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7035 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7036 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2017-7044 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7045 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2017-7054 | Alex Plaskett of MWR InfoSecurity, Lufeng Li of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7067 | shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2017-7069 | Proteas of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-7092 | Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2017-7165 | 360 Security working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2017-7167 | sss of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the “ld64” component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. |
| CVE-2017-7171 | 360 Security working with Trend Micro’s Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “CoreAnimation” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
2016年(获得29个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2016-1732 | Proteas of Qihoo 360 Nirvan Team | AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. |
| CVE-2016-1733 | Proteas of Qihoo 360 Nirvan Team | AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2016-1754 | Lufeng Li of Qihoo 360 Vulcan Team | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. |
| CVE-2016-1756 | Lufeng Li of Qihoo 360 Vulcan Team | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. |
| CVE-2016-1760 | Proteas of Qihoo 360 Nirvan Team | The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app’s events via a crafted app. |
| CVE-2016-1765 | Proteas of Qihoo 360 Nirvan Team and Will Estes (@squiffy) | in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. |
| CVE-2016-4582 | Shrek_wzw and Proteas of Qihoo 360 Nirvan Team | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653. |
| CVE-2016-4674 | Shrek_wzw of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the “ATS” component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. |
| CVE-2016-4696 | Shrek_wzw of Qihoo 360 Nirvan Team | AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. |
| CVE-2016-4704 | Shrek_wzw of Qihoo 360 Nirvan Team | in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705. |
| CVE-2016-4736 | Proteas of Qihoo 360 Nirvan Team | ibarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. |
| CVE-2016-4777 | Lufeng Li of Qihoo 360 Vulcan Team | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. |
| CVE-2016-7643 | Yangkang (@dnpushme) of Qihoo360 Qex Team | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the “ImageIO” component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site. |
| CVE-2016-7647 | Lufeng Li of Qihoo 360 Vulcan Team | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. |
| CVE-2016-7699 | Proteas of Qihoo 360 Nirvan Team | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. |
| CVE-2017-2398 | Lufeng Li of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2401 | Lufeng Li of Qihoo 360 Vulcan Team | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2408 | Yangkang (@dnpushme) of Qihoo360 Qex Team | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOATAFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2413 | Simon Huang(@HuangShaomang) and pjf of IceSword Lab of Qihoo 360 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “QuickTime” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. |
| CVE-2017-2427 | Axis and sss of Qihoo 360 Nirvan Team | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2438 | sss and Axis of 360Nirvanteam | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “AppleRAID” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. |
| CVE-2017-2444 | Mei Wang of 360 GearTeam | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreGraphics” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2017-2449 | sss and Axis from 360NirvanTeam | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. |
| CVE-2017-2502 | Yangkang (@dnpushme) of Qihoo360 Qex Team | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “CoreAudio” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| CVE-2017-2503 | sss and Axis of 360Nirvan team | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2542 | 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “Multi-Touch” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2543 | 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “Multi-Touch” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| CVE-2017-2544 | 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| CVE-2017-2545 | 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the “IOGraphics” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
2015年(获得9个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2015-5757 | Lufeng Li of Qihoo 360 | ibpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. |
| CVE-2015-5769 | Proteas of Qihoo 360 Nirvan Team | The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. |
| CVE-2015-5899 | Lufeng Li of Qihoo 360 Vulcan Team | ibpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
| CVE-2015-6986 | Proteas of Qihoo 360 Nirvan Team | m.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified “type confusion.” |
| CVE-2015-7040 | Lufeng Li of Qihoo 360 Vulcan Team | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043. |
| CVE-2015-7041 | Lufeng Li of Qihoo 360 Vulcan Team | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043. |
| CVE-2015-7042 | Lufeng Li of Qihoo 360 Vulcan Team | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043. |
| CVE-2015-7049 | Proteas of Qihoo 360 Nirvan Team | in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. |
| CVE-2015-7057 | Proteas of Qihoo 360 Nirvan Team | in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. |
2014年(获得1个致谢)
| CVE编号 | 致谢360研究团队及个人 | 漏洞详情 |
| CVE-2014-1253 | MJ0011 of 360 Security Center | AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. |