一、数据来源: https://support.apple.com/en-us/HT201222

统计时间: 2018-12-29, 18:37:30

二、2018 苹果 CVE 总数: 399

2017 苹果 CVE 总数: 739

三、2018 产生漏洞的模块个数: 131

2017 产生漏洞的模块个数: 169

四、漏洞数 Top 20 的模块信息如下:

01: WebKit, 2018: 95, 2017: 136

CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4372: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4373: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4375: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4376: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4382: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4386: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4392: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4416: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4409: A malicious website may be able to cause a denial of service

CVE-2018-4378: Processing maliciously crafted web content may lead to code execution

CVE-2018-4385: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4191: Unexpected interaction causes an ASSERT failure

CVE-2018-4311: Cross-origin SecurityErrors includes the accessed frame’s origin

CVE-2018-4316: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4299: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4323: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4328: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4358: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4359: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4360: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4319: A malicious website may cause unexepected cross-origin behavior

CVE-2018-4309: A malicious website may be able to execute scripts in the context of another website

CVE-2018-4197: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4306: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4312: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4314: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4315: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4317: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4318: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4345: A malicious website may exfiltrate image data cross-origin

CVE-2018-4361: Unexpected interaction causes an ASSERT failure

CVE-2018-4270: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin

CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4266: A malicious website may be able to cause a denial of service

CVE-2018-4261: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4262: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4263: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4264: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4265: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4267: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4272: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4271: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4145: Processing maliciously crafted web content may lead to code execution

CVE-2018-4274: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4232: Visiting a maliciously crafted website may lead to cookies being overwritten

CVE-2018-4192: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4214: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4204: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4246: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4200: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4201: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4218: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4233: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4188: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4190: Visiting a maliciously crafted website may leak sensitive data

CVE-2018-4199: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4222: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4101: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4114: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4118: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4119: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4120: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4121: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4122: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4125: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4127: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4128: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4129: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4130: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4161: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4162: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4163: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4165: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4113: Unexpected interaction with indexing types causing an ASSERT failure

CVE-2018-4146: Processing maliciously crafted web content may lead to a denial of service

CVE-2018-4117: A malicious website may exfiltrate data cross-origin

CVE-2018-4207: Unexpected interaction causes an ASSERT failure

CVE-2018-4208: Unexpected interaction causes an ASSERT failure

CVE-2018-4209: Unexpected interaction causes an ASSERT failure

CVE-2018-4210: Unexpected interaction with indexing types caused a failure

CVE-2018-4212: Unexpected interaction causes an ASSERT failure

CVE-2018-4213: Unexpected interaction causes an ASSERT failure

CVE-2018-4133: Visiting a maliciously crafted website may lead to a cross-site scripting attack

CVE-2018-4088: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4096: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4147: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4089: Processing maliciously crafted web content may lead to arbitrary code execution

02: Kernel, 2018: 42, 2017: 64

CVE-2018-4460: An attacker in a privileged position may be able to perform a denial of service attack

CVE-2018-4431: A local user may be able to read kernel memory

CVE-2018-4447: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4435: A malicious application may be able to elevate privileges

CVE-2018-4461: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4420: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4413: An application may be able to read restricted memory

CVE-2018-4419: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4399: A malicious application may be able to leak sensitive user information

CVE-2018-4340: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4425: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4259: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4286: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4287: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4288: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4291: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4407: An attacker in a privileged network position may be able to execute arbitrary code

CVE-2018-4424: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4336: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4337: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4344: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4363: An application may be able to read restricted memory

CVE-2018-3665: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel

CVE-2018-4282: A local user may be able to read kernel memory

CVE-2018-4249: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-8897: A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4241: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4243: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4150: A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4104: An application may be able to read restricted memory

CVE-2018-4143: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4136: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4160: An application may be able to execute arbitrary code with system privileges

CVE-2018-4185: A malicious application may be able to determine kernel memory layout

CVE-2018-4090: An application may be able to read restricted memory

CVE-2018-4092: An application may be able to read restricted memory

CVE-2018-4082: A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4093: An application may be able to read restricted memory

CVE-2018-4189: An application may be able to execute arbitrary code with kernel privileges

CVE-2017-5754: An application may be able to read kernel memory (Meltdown)

CVE-2018-4097: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4169: An application may be able to execute arbitrary code with kernel privileges

03: Safari, 2018: 13, 2017: 12

CVE-2018-4440: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4439: Visiting a malicious website may lead to user interface spoofing

CVE-2018-4445: A user may be unable to fully delete browsing history

CVE-2018-4307: A malicious website may be able to exfiltrate autofilled data in Safari

CVE-2018-4329: A user may be unable to delete browsing history items

CVE-2018-4195: Visiting a malicious website by clicking a link may lead to user interface spoofing

CVE-2018-4313: A local user may be able to discover websites a user has visited

CVE-2018-4279: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4247: A malicious website may be able to cause a denial of service

CVE-2018-4205: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4102: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4116: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4134: Visiting a malicious website by clicking a link may lead to user interface spoofing

04: Security, 2018: 11, 2017: 12

CVE-2018-4400: Processing a maliciously crafted S/MIME signed message may lead to a denial of service

CVE-2018-4395: A local user may be able to cause a denial of service

CVE-2016-1777: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

CVE-2018-4224: A local user may be able to read a persistent device identifier

CVE-2018-4225: A local user may be able to modify the state of the Keychain

CVE-2018-4226: A local user may be able to view sensitive user information

CVE-2018-4221: Users may be tracked by malicious websites using client certificates

CVE-2018-4223: A local user may be able to read a persistent account identifier

CVE-2018-4144: A malicious application may be able to elevate privileges

CVE-2018-4086: A certificate may have name constraints applied incorrectly

CVE-2017-13889: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

05: Ruby, 2018: 11, 2017: 0

CVE-2017-0898: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-10784: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14033: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14064: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17405: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17742: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-6914: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8777: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8778: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8779: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8780: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

06: Intel Graphics Driver, 2018: 10, 2017: 14

CVE-2018-4434: A local user may be able to cause unexpected system termination or read kernel memory

CVE-2018-4456: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4421: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4334: An application may be able to execute arbitrary code with system privileges

CVE-2018-4396: An application may be able to read restricted memory

CVE-2018-4418: An application may be able to read restricted memory

CVE-2018-4350: An application may be able to execute arbitrary code with system privileges

CVE-2018-4351: An application may be able to read restricted memory

CVE-2018-4141: An application may be able to read restricted memory

CVE-2018-4132: An application may be able to execute arbitrary code with system privileges

07: CUPS, 2018: 7, 2017: 0

CVE-2018-4153: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content

CVE-2018-4406: An attacker in a privileged position may be able to perform a denial of service attack

CVE-2018-4276: An attacker in a privileged position may be able to perform a denial of service attack

CVE-2018-4180: A local process may modify other processes without entitlement checks

CVE-2018-4181: A local user may be able to read arbitrary files as root

CVE-2018-4182: A sandboxed process may be able to circumvent sandbox restrictions

CVE-2018-4183: A sandboxed process may be able to circumvent sandbox restrictions

08: AMD, 2018: 6, 2017: 0

CVE-2018-4462: An application may be able to read restricted memory

CVE-2018-4289: A malicious application may be able to determine kernel memory layout

CVE-2018-4253: A local user may be able to read kernel memory

CVE-2018-4256: A local user may be able to read kernel memory

CVE-2018-4255: A local user may be able to read kernel memory

CVE-2018-4254: An application may be able to execute arbitrary code with kernel privileges

09: Wi-Fi, 2018: 6, 2017: 13

CVE-2018-4338: An application may be able to read restricted memory

CVE-2018-4275: A malicious application may be able to break out of its sandbox

CVE-2017-13077: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

CVE-2017-13078: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

CVE-2017-13080: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks – KRACK)

CVE-2018-4084: An application may be able to read restricted memory

10: Messages, 2018: 5, 2017: 3

CVE-2018-4390: Processing a maliciously crafted text message may lead to UI spoofing

CVE-2018-4391: Processing a maliciously crafted text message may lead to UI spoofing

CVE-2018-4235: A local user may be able to conduct impersonation attacks

CVE-2018-4240: Processing a maliciously crafted message may lead to a denial of service

CVE-2018-4250: Processing a maliciously crafted message may lead to a denial of service

11: ATS, 2018: 5, 2017: 1

CVE-2018-4411: A malicious application may be able to elevate privileges

CVE-2018-4308: An application may be able to read restricted memory

CVE-2018-4285: A malicious application may be able to gain root privileges

CVE-2018-4219: A malicious application may be able to elevate privileges

CVE-2018-4112: Processing a maliciously crafted file might disclose user information

12: Notes, 2018: 4, 2017: 1

CVE-2018-4388: A local attacker may be able to share items from the lock screen

CVE-2018-4352: A local user may be able to discover a user’s deleted notes

CVE-2018-4152: An application may be able to gain elevated privileges

CVE-2017-7151: An application may be able to gain elevated privileges

13: CoreFoundation, 2018: 4, 2017: 2

CVE-2018-4412: A malicious application may be able to elevate privileges

CVE-2018-4414: An application may be able to gain elevated privileges

CVE-2018-4155: An application may be able to gain elevated privileges

CVE-2018-4158: An application may be able to gain elevated privileges

14: EFI, 2018: 4, 2017: 1

CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis

CVE-2018-4342: A local user may be able to modify protected parts of the file system

CVE-2017-5705:

CVE-2017-5708:

15: IOKit, 2018: 4, 2017: 6

CVE-2018-4402: An application may be able to execute arbitrary code with system privileges

CVE-2018-4341: A malicious application may be able to break out of its sandbox

CVE-2018-4354: A malicious application may be able to break out of its sandbox

CVE-2018-4383: An application may be able to execute arbitrary code with kernel privileges

16: Mail, 2018: 4, 2017: 3

CVE-2018-4389: Processing a maliciously crafted mail message may lead to UI spoofing

CVE-2018-4227: An attacker may be able to exfiltrate the contents of S/MIME- encrypted e-mail

CVE-2018-4111: An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail

CVE-2018-4174: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail

17: LibreSSL, 2018: 4, 2017: 1

CVE-2015-3194: Multiple issues in libressl were addressed in this update

CVE-2015-5333: Multiple issues in libressl were addressed in this update

CVE-2015-5334: Multiple issues in libressl were addressed in this update

CVE-2016-0702: Multiple issues in libressl were addressed in this update

18: libxpc, 2018: 4, 2017: 1

CVE-2018-4280: An application may be able to gain elevated privileges

CVE-2018-4248: A malicious application may be able to read restricted memory

CVE-2018-4237: An application may be able to gain elevated privileges

CVE-2018-4404: An application may be able to execute arbitrary code with system privileges

19: Core Bluetooth, 2018: 4, 2017: 0

CVE-2018-4327: An application may be able to execute arbitrary code with system privileges

CVE-2018-4330: An application may be able to execute arbitrary code with system privileges

CVE-2018-4087: An application may be able to execute arbitrary code with system privileges

CVE-2018-4095: An application may be able to execute arbitrary code with system privileges

20: Disk Images, 2018: 3, 2017: 1

CVE-2018-4427: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4465: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4176: Mounting a malicious disk image may result in the launching of an application

五、2018 报告漏洞的人数: 201

2017 报告漏洞的人数: 169

六、Top 20 个人:

01: found by OSS-Fuzz, 2018: 24, 2017: 20

CVE-2018-4191: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4361: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4357: LLVM, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4270: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4266: WebKit, A malicious website may be able to cause a denial of service

CVE-2018-4272: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4271: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4273: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4145: WebKit, Processing maliciously crafted web content may lead to code execution

CVE-2018-4214: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4246: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4114: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4113: WebKit, Unexpected interaction with indexing types causing an ASSERT failure

CVE-2018-4146: WebKit, Processing maliciously crafted web content may lead to a denial of service

CVE-2018-4207: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4208: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4209: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4210: WebKit, Unexpected interaction with indexing types caused a failure

CVE-2018-4212: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4213: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4164: LLVM, Multiple issues in llvm were addressed in this update

CVE-2018-4096: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4147: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2017-8817: curl, Multiple issues in curl

02: an anonymous researcher, 2018: 15, 2017: 35

CVE-2018-4369: NetworkExtension, Connecting to a VPN server may leak DNS queries to a DNS proxy

CVE-2018-4365: Contacts, Processing a maliciously crafted vcf file may lead to a denial of service

CVE-2018-4385: WebKit, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4356: CoreMedia, An app may be able to learn information about the current camera view before being granted camera access

CVE-2018-4293: CFNetwork, Cookies may unexpectedly persist in Safari

CVE-2018-4201: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4254: AMD, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4239: Magnifier, A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen

CVE-2018-4244: Siri Contacts, An attacker with physical access to a device may be able to see private contact information

CVE-2018-4186: Safari Downloads, In Private Browsing, some downloads were not removed from the downloads list

CVE-2018-4170: Admin Framework, Passwords supplied to sysadminctl may be exposed to other local users

CVE-2018-4150: Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4124: CoreText, Processing a maliciously crafted string may lead to heap corruption

CVE-2018-4189: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4169: Kernel, An application may be able to execute arbitrary code with kernel privileges

03: Ian Beer of Google Project Zero, 2018: 13, 2017: 32

CVE-2018-4461: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4334: Intel Graphics Driver, An application may be able to execute arbitrary code with system privileges

CVE-2018-4408: IOHIDFamily, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4341: IOKit, A malicious application may be able to break out of its sandbox

CVE-2018-4354: IOKit, A malicious application may be able to break out of its sandbox

CVE-2018-4337: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4363: Kernel, An application may be able to read restricted memory

CVE-2018-4241: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4243: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4230: NVIDIA Graphics Drivers, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4206: Crash Reporter, An application may be able to gain elevated privileges

CVE-2018-4139: kext tools, An application may be able to execute arbitrary code with system privileges

CVE-2018-4083: Touch Bar Support, A malicious application may be able to execute arbitrary code with system privileges

04: Brandon Azad, 2018: 11, 2017: 4

CVE-2018-4426: Grand Central Dispatch, An application may be able to execute arbitrary code with system privileges

CVE-2018-4331: Heimdal, An application may be able to execute arbitrary code with system privileges

CVE-2018-4333: Crash Reporter, An application may be able to read restricted memory

CVE-2018-4332: Heimdal, An application may be able to execute arbitrary code with system privileges

CVE-2018-4343: Heimdal, An application may be able to execute arbitrary code with system privileges

CVE-2018-4336: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4335: IOMobileFrameBuffer, An application may be able to read restricted memory

CVE-2018-4280: libxpc, An application may be able to gain elevated privileges

CVE-2018-4248: libxpc, A malicious application may be able to read restricted memory

CVE-2018-4275: Wi-Fi, A malicious application may be able to break out of its sandbox

CVE-2018-4185: Kernel, A malicious application may be able to determine kernel memory layout

05: Ivan Fratric of Google Project Zero, 2018: 11, 2017: 28

CVE-2018-4323: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4328: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4197: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4306: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4312: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4314: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4315: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4317: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4318: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4200: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4089: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

06: Samuel Groß (@5aelo), 2018: 11, 2017: 0

CVE-2018-4359: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4166: CFNetwork Session, An application may be able to gain elevated privileges

CVE-2018-4155: CoreFoundation, An application may be able to gain elevated privileges

CVE-2018-4158: CoreFoundation, An application may be able to gain elevated privileges

CVE-2018-4167: File System Events, An application may be able to gain elevated privileges

CVE-2018-4151: iCloud Drive, An application may be able to gain elevated privileges

CVE-2018-4152: Notes, An application may be able to gain elevated privileges

CVE-2017-7151: Notes, An application may be able to gain elevated privileges

CVE-2018-4156: PluginKit, An application may be able to gain elevated privileges

CVE-2018-4157: Quick Look, An application may be able to gain elevated privileges

CVE-2018-4154: Storage, An application may be able to gain elevated privileges

07: Abraham Masri (@cheesecakeufo), 2018: 9, 2017: 0

CVE-2018-4269: CoreCrypto, A malicious application may be able to break out of its sandbox

CVE-2018-4216: Phone, A malicious application may be able to bypass the call confirmation prompt

CVE-2018-4224: Security, A local user may be able to read a persistent device identifier

CVE-2018-4225: Security, A local user may be able to modify the state of the Keychain

CVE-2018-4226: Security, A local user may be able to view sensitive user information

CVE-2018-4223: Security, A local user may be able to read a persistent account identifier

CVE-2018-4215: Bluetooth, A malicious application may be able to elevate privileges

CVE-2018-4100: Contacts, Processing a maliciously crafted vcf file may lead to a denial of service

CVE-2018-4144: Security, A malicious application may be able to elevate privileges

08: Mohamed Ghannam (@_simo36), 2018: 7, 2017: 0

CVE-2018-4303: Airport, A malicious application may be able to elevate privileges

CVE-2018-4420: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4419: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4308: ATS, An application may be able to read restricted memory

CVE-2018-4340: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4285: ATS, A malicious application may be able to gain root privileges

CVE-2018-4219: ATS, A malicious application may be able to elevate privileges

09: lokihardt of Google Project Zero, 2018: 7, 2017: 37

CVE-2018-4441: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4442: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4443: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4438: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4382: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4386: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4416: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

10: shrek_wzw of Qihoo 360 Nirvan Team, 2018: 7, 2017: 7

CVE-2018-4289: AMD, A malicious application may be able to determine kernel memory layout

CVE-2018-4253: AMD, A local user may be able to read kernel memory

CVE-2018-4256: AMD, A local user may be able to read kernel memory

CVE-2018-4255: AMD, A local user may be able to read kernel memory

CVE-2018-4258: AppleGraphicsControl, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4257: AppleGraphicsPowerManagement, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4171: Bluetooth, A malicious application may be able to determine kernel memory layout.

11: Natalie Silvanovich of Google Project Zero, 2018: 6, 2017: 2

CVE-2018-4384: AppleAVD, A malicious application may be able to elevate privileges

CVE-2018-4366: FaceTime, A remote attacker may be able to leak memory

CVE-2018-4367: FaceTime, A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution

CVE-2018-4218: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4222: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4121: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

12: Apple, 2018: 6, 2017: 18

CVE-2018-4401: IOUserEthernet, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4383: IOKit, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4327: Core Bluetooth, An application may be able to execute arbitrary code with system privileges

CVE-2018-4281: SwiftNIO, A remote attacker may be able to overwrite arbitrary memory

CVE-2018-4330: Core Bluetooth, An application may be able to execute arbitrary code with system privileges

CVE-2018-4220: Swift for Ubuntu, A process may gain admin privileges and execute arbitrary code

13: Jun Kokatsu (@shhnjk), 2018: 6, 2017: 1

CVE-2018-4345: WebKit, A malicious website may exfiltrate image data cross-origin

CVE-2018-4362: SafariViewController, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4278: WebKit, A malicious website may exfiltrate audio data cross-origin

CVE-2018-4190: WebKit, Visiting a maliciously crafted website may leak sensitive data

CVE-2018-4118: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2017-7830: WebKit Page Loading, Processing maliciously crafted web content may lead to arbitrary code execution

14: videosdebarraquito, 2018: 5, 2017: 0

CVE-2018-4430: FaceTime, A local attacker may be able to view contacts from the lock screen

CVE-2018-4388: Notes, A local attacker may be able to share items from the lock screen

CVE-2018-4387: VoiceOver, A local attacker may be able to view photos from the lock screen

CVE-2018-4380: VoiceOver, A local attacker may be able to view photos and contacts from the lock screen

CVE-2018-4379: Quick Look, A local attacker may be able to share items from the lock screen

15: an anonymous researcher working with Trend Micro’s Zero Day Initiative, 2018: 5, 2017: 2

CVE-2018-4410: AppleGraphicsControl, An application may be able to execute arbitrary code with system privileges

CVE-2018-4422: IOGraphics, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4309: WebKit, A malicious website may be able to execute scripts in the context of another website

CVE-2018-4119: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4127: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

16: Kevin Backhouse of Semmle and LGTM.com, 2018: 5, 2017: 0

CVE-2018-4259: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4286: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4287: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4288: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4291: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

17: xisigr of Tencent’s Xuanwu Lab (tencent.com), 2018: 4, 2017: 9

CVE-2018-4439: Safari, Visiting a malicious website may lead to user interface spoofing

CVE-2018-4260: WebKit Page Loading, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4277: LinkPresentation, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4205: Safari, Visiting a malicious website may lead to address bar spoofing

18: The UK’s National Cyber Security Centre (NCSC), 2018: 4, 2017: 3

CVE-2018-4412: CoreFoundation, A malicious application may be able to elevate privileges

CVE-2018-4414: CoreFoundation, An application may be able to gain elevated privileges

CVE-2018-4344: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4104: Kernel, An application may be able to read restricted memory

19: WanderingGlitch of Trend Micro’s Zero Day Initiative, 2018: 4, 2017: 0

CVE-2018-4125: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4161: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4162: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4163: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

20: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, 2018: 3, 2017: 0

CVE-2018-4437: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4464: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4372: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

关键字: kernel, 2018 漏洞数: 55, 2017 漏洞数: 79

CVE-2018-4427, Disk Images, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4431, Kernel, A local user may be able to read kernel memory

CVE-2018-4447, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4461, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4465, Disk Images, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4434, Intel Graphics Driver, A local user may be able to cause unexpected system termination or read kernel memory

CVE-2018-4456, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4421, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4420, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4419, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4242, Hypervisor, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4422, IOGraphics, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4408, IOHIDFamily, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4401, IOUserEthernet, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4340, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4425, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4424, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4326, mDNSOffloadUserClient, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4383, IOKit, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4336, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4337, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4344, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4357, LLVM, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4289, AMD, A malicious application may be able to determine kernel memory layout

CVE-2018-4268, APFS, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4283, IOGraphics, A local user may be able to read kernel memory

CVE-2018-4282, Kernel, A local user may be able to read kernel memory

CVE-2018-4253, AMD, A local user may be able to read kernel memory

CVE-2018-4256, AMD, A local user may be able to read kernel memory

CVE-2018-4255, AMD, A local user may be able to read kernel memory

CVE-2018-4254, AMD, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4258, AppleGraphicsControl, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4257, AppleGraphicsPowerManagement, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4171, Bluetooth, A malicious application may be able to determine kernel memory layout.

CVE-2018-4228, IOFireWireAVC, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4236, IOGraphics, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4234, IOHIDFamily, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4249, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-8897, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4241, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4243, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4230, NVIDIA Graphics Drivers, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4135, IOFireWireFamily, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4150, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4143, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4136, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4185, Kernel, A malicious application may be able to determine kernel memory layout

CVE-2017-13911, SIP, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4109, Graphics Driver, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4082, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4189, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4098, IOHIDFamily, An application may be able to execute arbitrary code with kernel privileges

CVE-2017-5754, Kernel, An application may be able to read kernel memory (Meltdown)

CVE-2018-4097, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4169, Kernel, An application may be able to execute arbitrary code with kernel privileges

关键字: remote, 2018 漏洞数: 19, 2017 漏洞数: 9

CVE-2018-4366, FaceTime, A remote attacker may be able to leak memory

CVE-2018-4367, FaceTime, A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution

CVE-2018-4295, afpserver, A remote attacker may be able to attack AFP servers through HTTP clients

CVE-2018-4153, CUPS, In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content

CVE-2017-0898, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-10784, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14033, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14064, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17405, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17742, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-6914, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8777, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8778, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8779, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8780, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-4281, SwiftNIO, A remote attacker may be able to overwrite arbitrary memory

CVE-2018-4298, Remote Management, A remote user may be able to gain root privileges

CVE-2018-4140, Telephony, A remote attacker can cause a device to unexpectedly restart

CVE-2018-4148, Telephony, A remote attacker may be able to execute arbitrary code

关键字: Google, 2018 漏洞数: 47, 2017 漏洞数: 125

CVE-2018-4435, Jann Horn of Google Project Zero, Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security Team working with Trend Micro’s Zero Day Initiative

CVE-2018-4461, Ian Beer of Google Project Zero

CVE-2018-4441, lokihardt of Google Project Zero

CVE-2018-4442, lokihardt of Google Project Zero

CVE-2018-4443, lokihardt of Google Project Zero

CVE-2018-4438, lokihardt of Google Project Zero

CVE-2018-4382, lokihardt of Google Project Zero

CVE-2018-4386, lokihardt of Google Project Zero

CVE-2018-4416, lokihardt of Google Project Zero

CVE-2018-4384, Natalie Silvanovich of Google Project Zero

CVE-2018-4366, Natalie Silvanovich of Google Project Zero

CVE-2018-4367, Natalie Silvanovich of Google Project Zero

CVE-2018-3639, Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC)

CVE-2018-4334, Ian Beer of Google Project Zero

CVE-2018-4408, Ian Beer of Google Project Zero

CVE-2018-4341, Ian Beer of Google Project Zero

CVE-2018-4354, Ian Beer of Google Project Zero

CVE-2018-4323, Ivan Fratric of Google Project Zero

CVE-2018-4328, Ivan Fratric of Google Project Zero

CVE-2018-4319, John Pettitt of Google

CVE-2018-4197, Ivan Fratric of Google Project Zero

CVE-2018-4306, Ivan Fratric of Google Project Zero

CVE-2018-4312, Ivan Fratric of Google Project Zero

CVE-2018-4314, Ivan Fratric of Google Project Zero

CVE-2018-4315, Ivan Fratric of Google Project Zero

CVE-2018-4317, Ivan Fratric of Google Project Zero

CVE-2018-4318, Ivan Fratric of Google Project Zero

CVE-2018-4337, Ian Beer of Google Project Zero

CVE-2018-4363, Ian Beer of Google Project Zero

CVE-2018-4200, Ivan Fratric of Google Project Zero

CVE-2018-4218, Natalie Silvanovich of Google Project Zero

CVE-2018-4222, Natalie Silvanovich of Google Project Zero

CVE-2018-4241, Ian Beer of Google Project Zero

CVE-2018-4243, Ian Beer of Google Project Zero

CVE-2018-4230, Ian Beer of Google Project Zero

CVE-2018-4206, Ian Beer of Google Project Zero

CVE-2018-4121, Natalie Silvanovich of Google Project Zero

CVE-2018-4142, Robin Leroy of Google Switzerland GmbH

CVE-2018-4139, Ian Beer of Google Project Zero

CVE-2018-4089, Ivan Fratric of Google Project Zero

CVE-2018-4090, Jann Horn of Google Project Zero

CVE-2018-4082, Russ Cox of Google

CVE-2018-4093, Jann Horn of Google Project Zero

CVE-2017-5754, Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)

CVE-2018-4083, Ian Beer of Google Project Zero

CVE-2017-5753, Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.

CVE-2017-5715, Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.

关键字: 360, 2018 漏洞数: 24, 2017 漏洞数: 36

CVE-2018-4434, Zhuo Liang of Qihoo 360 Nirvan Team

CVE-2018-4392, zhunki of 360 ESG Codesafe Team

CVE-2018-4378, HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team

CVE-2018-4242, Zhuo Liang of Qihoo 360 Nirvan Team

CVE-2018-4402, Proteas of Qihoo 360 Nirvan Team

CVE-2018-4326, an anonymous researcher working with Trend Micro’s Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team

CVE-2018-4316, crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4289, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4282, Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin “slashd” Shilnenkov

CVE-2018-4253, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4256, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4255, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4258, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4257, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4171, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4211, Proteas of Qihoo 360 Nirvan Team

CVE-2018-4159, Axis and pjf of IceSword Lab of Qihoo 360

CVE-2018-4141, an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2018-4236, Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2018-4234, Proteas of Qihoo 360 Nirvan Team

CVE-2018-4120, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4165, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4132, Axis and pjf of IceSword Lab of Qihoo 360

CVE-2018-4138, Axis and pjf of IceSword Lab of Qihoo 360

关键字: Tencent, 2018 漏洞数: 10, 2017 漏洞数: 42

CVE-2018-4440, Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)

CVE-2018-4439, xisigr of Tencent’s Xuanwu Lab (tencent.com)

CVE-2018-4195, xisigr of Tencent’s Xuanwu Lab (www.tencent.com)

CVE-2018-4260, xisigr of Tencent’s Xuanwu Lab (tencent.com)

CVE-2018-4277, xisigr of Tencent’s Xuanwu Lab (tencent.com)

CVE-2018-4194, Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab

CVE-2018-4205, xisigr of Tencent’s Xuanwu Lab (tencent.com)

CVE-2018-4187, Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)

CVE-2018-4116, @littlelailo, xisigr of Tencent’s Xuanwu Lab (tencent.com)

CVE-2018-4134, xisigr of Tencent’s Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department

关键字: Alibaba, 2018 漏洞数: 3, 2017 漏洞数: 2

CVE-2018-4321, Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CVE-2018-4322, Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CVE-2018-4135, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.

关键字: Ant-financial, 2018 漏洞数: 3, 2017 漏洞数: 5

CVE-2018-4264, found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab

CVE-2018-4194, Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab

CVE-2018-4101, Yuan Deng of Ant-financial Light-Year Security Lab

关键字: Chaitin, 2018 漏洞数: 3, 2017 漏洞数: 8

CVE-2018-4449, Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab

CVE-2018-4450, Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab

CVE-2018-4423, Youfu Zhang of Chaitin Security Research Lab (@ChaitinTech)

关键字: Baidu, 2018 漏洞数: 1, 2017 漏洞数: 9

CVE-2018-4129, likemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative

声明:本文来自Proteas,版权归作者所有。文章内容仅代表作者独立观点,不代表士冗科技立场,转载目的在于传递更多信息。如有侵权,请联系 service@expshell.com。