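1. Data source: https://support.apple.com/en-us/HT201222

Statistics collected at: 2018-12-29, 18:37:30

2. Total Apple CVEs in 2018: 399

Total Apple CVEs in 2017: 739

3. Number of modules with vulnerabilities in 2018: 131

Number of modules with vulnerabilities in 2017: 169

4. Top 20 modules by vulnerability count: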

01: WebKit, 2018: 95, 2017: 136

CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4372: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4373: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4375: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4376: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4382: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4386: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4392: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4416: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4409: A malicious website may be able to cause a denial of service

CVE-2018-4378: Processing maliciously crafted web content may lead to code execution

CVE-2018-4385: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4191: Unexpected interaction causes an ASSERT failure

CVE-2018-4311: Cross-origin SecurityErrors includes the accessed frame’s origin

CVE-2018-4316: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4299: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4323: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4328: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4358: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4359: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4360: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4319: A malicious website may cause unexpected cross-origin behavior

CVE-2018-4309: A malicious website may be able to execute scripts in the context of another website

CVE-2018-4197: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4306: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4312: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4314: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4315: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4317: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4318: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4345: A malicious website may exfiltrate image data cross-origin

CVE-2018-4361: Unexpected interaction causes an ASSERT failure

CVE-2018-4270: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin

CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4266: A malicious website may be able to cause a denial of service

CVE-2018-4261: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4262: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4263: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4264: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4265: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4267: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4272: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4271: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4145: Processing maliciously crafted web content may lead to code execution

CVE-2018-4274: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4232: Visiting a maliciously crafted website may lead to cookies being overwritten

CVE-2018-4192: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4214: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4204: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4246: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4200: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4201: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4218: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4233: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4188: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4190: Visiting a maliciously crafted website may leak sensitive data

CVE-2018-4199: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4222: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4101: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4114: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4118: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4119: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4120: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4121: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4122: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4125: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4127: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4128: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4129: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4130: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4161: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4162: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4163: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4165: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4113: Unexpected interaction with indexing types causing an ASSERT failure

CVE-2018-4146: Processing maliciously crafted web content may lead to a denial of service

CVE-2018-4117: A malicious website may exfiltrate data cross-origin

CVE-2018-4207: Unexpected interaction causes an ASSERT failure

CVE-2018-4208: Unexpected interaction causes an ASSERT failure

CVE-2018-4209: Unexpected interaction causes an ASSERT failure

CVE-2018-4210: Unexpected interaction with indexing types caused a failure

CVE-2018-4212: Unexpected interaction causes an ASSERT failure

CVE-2018-4213: Unexpected interaction causes an ASSERT failure

CVE-2018-4133: Visiting a maliciously crafted website may lead to a cross-site scripting attack

CVE-2018-4088: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4096: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4147: Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4089: Processing maliciously crafted web content may lead to arbitrary code execution

02: Kernel, 2018: 42, 2017: 64

CVE-2018-4460: An attacker in a privileged position may be able to perform a denial of service attack

CVE-2018-4431: A local user may be able to read kernel memory

CVE-2018-4447: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4435: A malicious application may be able to elevate privileges

CVE-2018-4461: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4420: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4413: An application may be able to read restricted memory

CVE-2018-4419: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4399: A malicious application may be able to leak sensitive user information

CVE-2018-4340: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4425: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4259: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4286: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4287: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4288: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4291: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4407: An attacker in a privileged network position may be able to execute arbitrary code

CVE-2018-4424: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4336: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4337: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4344: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4363: An application may be able to read restricted memory

CVE-2018-3665: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel

CVE-2018-4282: A local user may be able to read kernel memory

CVE-2018-4249: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-8897: A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4241: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4243: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4150: A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4104: An application may be able to read restricted memory

CVE-2018-4143: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4136: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4160: An application may be able to execute arbitrary code with system privileges

CVE-2018-4185: A malicious application may be able to determine kernel memory layout

CVE-2018-4090: An application may be able to read restricted memory

CVE-2018-4092: An application may be able to read restricted memory

CVE-2018-4082: A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4093: An application may be able to read restricted memory

CVE-2018-4189: An application may be able to execute arbitrary code with kernel privileges

CVE-2017-5754: An application may be able to read kernel memory (Meltdown)

CVE-2018-4097: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4169: An application may be able to execute arbitrary code with kernel privileges

03: Safari, 2018: 13, 2017: 12

CVE-2018-4440: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4439: Visiting a malicious website may lead to user interface spoofing

CVE-2018-4445: A user may be unable to fully delete browsing history

CVE-2018-4307: A malicious website may be able to exfiltrate autofilled data in Safari

CVE-2018-4329: A user may be unable to delete browsing history items

CVE-2018-4195: Visiting a malicious website by clicking a link may lead to user interface spoofing

CVE-2018-4313: A local user may be able to discover websites a user has visited

CVE-2018-4279: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4247: A malicious website may be able to cause a denial of service

CVE-2018-4205: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4102: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4116: Visiting a malicious website may lead to address bar spoofing

CVE-2018-4134: Visiting a malicious website by clicking a link may lead to user interface spoofing

04: Security, 2018: 11, 2017: 12

CVE-2018-4400: Processing a maliciously crafted S/MIME signed message may lead to a denial of service

CVE-2018-4395: A local user may be able to cause a denial of service

CVE-2016-1777: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

CVE-2018-4224: A local user may be able to read a persistent device identifier

CVE-2018-4225: A local user may be able to modify the state of the Keychain

CVE-2018-4226: A local user may be able to view sensitive user information

CVE-2018-4221: Users may be tracked by malicious websites using client certificates

CVE-2018-4223: A local user may be able to read a persistent account identifier

CVE-2018-4144: A malicious application may be able to elevate privileges

CVE-2018-4086: A certificate may have name constraints applied incorrectly

CVE-2017-13889: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

05: Ruby, 2018: 11, 2017: 0

CVE-2017-0898: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-10784: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14033: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14064: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17405: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17742: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-6914: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8777: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8778: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8779: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8780: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

06: Intel Graphics Driver, 2018: 10, 2017: 14

CVE-2018-4434: A local user may be able to cause unexpected system termination or read kernel memory

CVE-2018-4456: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4421: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4334: An application may be able to execute arbitrary code with system privileges

CVE-2018-4396: An application may be able to read restricted memory

CVE-2018-4418: An application may be able to read restricted memory

CVE-2018-4350: An application may be able to execute arbitrary code with system privileges

CVE-2018-4351: An application may be able to read restricted memory

CVE-2018-4141: An application may be able to read restricted memory

CVE-2018-4132: An application may be able to execute arbitrary code with system privileges

07: CUPS, 2018: 7, 2017: 0

CVE-2018-4153: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content

CVE-2018-4406: An attacker in a privileged position may be able to perform a denial of service attack

CVE-2018-4276: An attacker in a privileged position may be able to perform a denial of service attack

CVE-2018-4180: A local process may modify other processes without entitlement checks

CVE-2018-4181: A local user may be able to read arbitrary files as root

CVE-2018-4182: A sandboxed process may be able to circumvent sandbox restrictions

CVE-2018-4183: A sandboxed process may be able to circumvent sandbox restrictions

08: AMD, 2018: 6, 2017: 0

CVE-2018-4462: An application may be able to read restricted memory

CVE-2018-4289: A malicious application may be able to determine kernel memory layout

CVE-2018-4253: A local user may be able to read kernel memory

CVE-2018-4256: A local user may be able to read kernel memory

CVE-2018-4255: A local user may be able to read kernel memory

CVE-2018-4254: An application may be able to execute arbitrary code with kernel privileges

09: Wi-Fi, 2018: 6, 2017: 13

CVE-2018-4338: An application may be able to read restricted memory

CVE-2018-4275: A malicious application may be able to break out of its sandbox

CVE-2017-13077: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)

CVE-2017-13078: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)

CVE-2017-13080: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)

CVE-2018-4084: An application may be able to read restricted memory

10: Messages, 2018: 5, 2017: 3

CVE-2018-4390: Processing a maliciously crafted text message may lead to UI spoofing

CVE-2018-4391: Processing a maliciously crafted text message may lead to UI spoofing

CVE-2018-4235: A local user may be able to conduct impersonation attacks

CVE-2018-4240: Processing a maliciously crafted message may lead to a denial of service

CVE-2018-4250: Processing a maliciously crafted message may lead to a denial of service

11: ATS, 2018: 5, 2017: 1

CVE-2018-4411: A malicious application may be able to elevate privileges

CVE-2018-4308: An application may be able to read restricted memory

CVE-2018-4285: A malicious application may be able to gain root privileges

CVE-2018-4219: A malicious application may be able to elevate privileges

CVE-2018-4112: Processing a maliciously crafted file might disclose user information

12: Notes, 2018: 4, 2017: 1

CVE-2018-4388: A local attacker may be able to share items from the lock screen

CVE-2018-4352: A local user may be able to discover a user’s deleted notes

CVE-2018-4152: An application may be able to gain elevated privileges

CVE-2017-7151: An application may be able to gain elevated privileges

13: CoreFoundation, 2018: 4, 2017: 2

CVE-2018-4412: A malicious application may be able to elevate privileges

CVE-2018-4414: An application may be able to gain elevated privileges

CVE-2018-4155: An application may be able to gain elevated privileges

CVE-2018-4158: An application may be able to gain elevated privileges

14: EFI, 2018: 4, 2017: 1

CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis

CVE-2018-4342: A local user may be able to modify protected parts of the file system

CVE-2017-5705:

CVE-2017-5708:

15: IOKit, 2018: 4, 2017: 6

CVE-2018-4402: An application may be able to execute arbitrary code with system privileges

CVE-2018-4341: A malicious application may be able to break out of its sandbox

CVE-2018-4354: A malicious application may be able to break out of its sandbox

CVE-2018-4383: An application may be able to execute arbitrary code with kernel privileges

16: Mail, 2018: 4, 2017: 3

CVE-2018-4389: Processing a maliciously crafted mail message may lead to UI spoofing

CVE-2018-4227: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail

CVE-2018-4111: An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail

CVE-2018-4174: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail

17: LibreSSL, 2018: 4, 2017: 1

CVE-2015-3194: Multiple issues in libressl were addressed in this update

CVE-2015-5333: Multiple issues in libressl were addressed in this update

CVE-2015-5334: Multiple issues in libressl were addressed in this update

CVE-2016-0702: Multiple issues in libressl were addressed in this update

18: libxpc, 2018: 4, 2017: 1

CVE-2018-4280: An application may be able to gain elevated privileges

CVE-2018-4248: A malicious application may be able to read restricted memory

CVE-2018-4237: An application may be able to gain elevated privileges

CVE-2018-4404: An application may be able to execute arbitrary code with system privileges

19: Core Bluetooth, 2018: 4, 2017: 0

CVE-2018-4327: An application may be able to execute arbitrary code with system privileges

CVE-2018-4330: An application may be able to execute arbitrary code with system privileges

CVE-2018-4087: An application may be able to execute arbitrary code with system privileges

CVE-2018-4095: An application may be able to execute arbitrary code with system privileges

20: Disk Images, 2018: 3, 2017: 1

CVE-2018-4427: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4465: An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4176: Mounting a malicious disk image may result in the launching of an application

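5. Number of people who reported vulnerabilities in 2018: 201

Number of people who reported vulnerabilities in 2017: 169

6. Top 20 individual reporters: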

01: found by OSS-Fuzz, 2018: 24, 2017: 20

CVE-2018-4191: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4361: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4357: LLVM, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4270: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4266: WebKit, A malicious website may be able to cause a denial of service

CVE-2018-4272: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4271: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4273: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4145: WebKit, Processing maliciously crafted web content may lead to code execution

CVE-2018-4214: WebKit, Processing maliciously crafted web content may lead to an unexpected Safari crash

CVE-2018-4246: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4114: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4113: WebKit, Unexpected interaction with indexing types causing an ASSERT failure

CVE-2018-4146: WebKit, Processing maliciously crafted web content may lead to a denial of service

CVE-2018-4207: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4208: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4209: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4210: WebKit, Unexpected interaction with indexing types caused a failure

CVE-2018-4212: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4213: WebKit, Unexpected interaction causes an ASSERT failure

CVE-2018-4164: LLVM, Multiple issues in llvm were addressed in this update

CVE-2018-4096: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4147: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2017-8817: curl, Multiple issues in curl

02: an anonymous researcher, 2018: 15, 2017: 35

CVE-2018-4369: NetworkExtension, Connecting to a VPN server may leak DNS queries to a DNS proxy

CVE-2018-4365: Contacts, Processing a maliciously crafted vcf file may lead to a denial of service

CVE-2018-4385: WebKit, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4356: CoreMedia, An app may be able to learn information about the current camera view before being granted camera access

CVE-2018-4293: CFNetwork, Cookies may unexpectedly persist in Safari

CVE-2018-4201: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4254: AMD, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4239: Magnifier, A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen

CVE-2018-4244: Siri Contacts, An attacker with physical access to a device may be able to see private contact information

CVE-2018-4186: Safari Downloads, In Private Browsing, some downloads were not removed from the downloads list

CVE-2018-4170: Admin Framework, Passwords supplied to sysadminctl may be exposed to other local users

CVE-2018-4150: Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4124: CoreText, Processing a maliciously crafted string may lead to heap corruption

CVE-2018-4189: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4169: Kernel, An application may be able to execute arbitrary code with kernel privileges

03: Ian Beer of Google Project Zero, 2018: 13, 2017: 32

CVE-2018-4461: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4334: Intel Graphics Driver, An application may be able to execute arbitrary code with system privileges

CVE-2018-4408: IOHIDFamily, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4341: IOKit, A malicious application may be able to break out of its sandbox

CVE-2018-4354: IOKit, A malicious application may be able to break out of its sandbox

CVE-2018-4337: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4363: Kernel, An application may be able to read restricted memory

CVE-2018-4241: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4243: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4230: NVIDIA Graphics Drivers, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4206: Crash Reporter, An application may be able to gain elevated privileges

CVE-2018-4139: kext tools, An application may be able to execute arbitrary code with system privileges

CVE-2018-4083: Touch Bar Support, A malicious application may be able to execute arbitrary code with system privileges

04: Brandon Azad, 2018: 11, 2017: 4

CVE-2018-4426: Grand Central Dispatch, An application may be able to execute arbitrary code with system privileges

CVE-2018-4331: Heimdal, An application may be able to execute arbitrary code with system privileges

CVE-2018-4333: Crash Reporter, An application may be able to read restricted memory

CVE-2018-4332: Heimdal, An application may be able to execute arbitrary code with system privileges

CVE-2018-4343: Heimdal, An application may be able to execute arbitrary code with system privileges

CVE-2018-4336: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4335: IOMobileFrameBuffer, An application may be able to read restricted memory

CVE-2018-4280: libxpc, An application may be able to gain elevated privileges

CVE-2018-4248: libxpc, A malicious application may be able to read restricted memory

CVE-2018-4275: Wi-Fi, A malicious application may be able to break out of its sandbox

CVE-2018-4185: Kernel, A malicious application may be able to determine kernel memory layout

05: Ivan Fratric of Google Project Zero, 2018: 11, 2017: 28

CVE-2018-4323: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4328: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4197: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4306: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4312: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4314: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4315: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4317: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4318: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4200: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4089: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

06: Samuel Groß (@5aelo), 2018: 11, 2017: 0

CVE-2018-4359: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4166: CFNetwork Session, An application may be able to gain elevated privileges

CVE-2018-4155: CoreFoundation, An application may be able to gain elevated privileges

CVE-2018-4158: CoreFoundation, An application may be able to gain elevated privileges

CVE-2018-4167: File System Events, An application may be able to gain elevated privileges

CVE-2018-4151: iCloud Drive, An application may be able to gain elevated privileges

CVE-2018-4152: Notes, An application may be able to gain elevated privileges

CVE-2017-7151: Notes, An application may be able to gain elevated privileges

CVE-2018-4156: PluginKit, An application may be able to gain elevated privileges

CVE-2018-4157: Quick Look, An application may be able to gain elevated privileges

CVE-2018-4154: Storage, An application may be able to gain elevated privileges

07: Abraham Masri (@cheesecakeufo), 2018: 9, 2017: 0

CVE-2018-4269: CoreCrypto, A malicious application may be able to break out of its sandbox

CVE-2018-4216: Phone, A malicious application may be able to bypass the call confirmation prompt

CVE-2018-4224: Security, A local user may be able to read a persistent device identifier

CVE-2018-4225: Security, A local user may be able to modify the state of the Keychain

CVE-2018-4226: Security, A local user may be able to view sensitive user information

CVE-2018-4223: Security, A local user may be able to read a persistent account identifier

CVE-2018-4215: Bluetooth, A malicious application may be able to elevate privileges

CVE-2018-4100: Contacts, Processing a maliciously crafted vcf file may lead to a denial of service

CVE-2018-4144: Security, A malicious application may be able to elevate privileges

08: Mohamed Ghannam (@_simo36), 2018: 7, 2017: 0

CVE-2018-4303: Airport, A malicious application may be able to elevate privileges

CVE-2018-4420: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4419: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4308: ATS, An application may be able to read restricted memory

CVE-2018-4340: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4285: ATS, A malicious application may be able to gain root privileges

CVE-2018-4219: ATS, A malicious application may be able to elevate privileges

09: lokihardt of Google Project Zero, 2018: 7, 2017: 37

CVE-2018-4441: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4442: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4443: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4438: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4382: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4386: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4416: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

10: shrek_wzw of Qihoo 360 Nirvan Team, 2018: 7, 2017: 7

CVE-2018-4289: AMD, A malicious application may be able to determine kernel memory layout

CVE-2018-4253: AMD, A local user may be able to read kernel memory

CVE-2018-4256: AMD, A local user may be able to read kernel memory

CVE-2018-4255: AMD, A local user may be able to read kernel memory

CVE-2018-4258: AppleGraphicsControl, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4257: AppleGraphicsPowerManagement, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4171: Bluetooth, A malicious application may be able to determine kernel memory layout.

11: Natalie Silvanovich of Google Project Zero, 2018: 6, 2017: 2

CVE-2018-4384: AppleAVD, A malicious application may be able to elevate privileges

CVE-2018-4366: FaceTime, A remote attacker may be able to leak memory

CVE-2018-4367: FaceTime, A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution

CVE-2018-4218: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4222: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4121: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

12: Apple, 2018: 6, 2017: 18

CVE-2018-4401: IOUserEthernet, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4383: IOKit, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4327: Core Bluetooth, An application may be able to execute arbitrary code with system privileges

CVE-2018-4281: SwiftNIO, A remote attacker may be able to overwrite arbitrary memory

CVE-2018-4330: Core Bluetooth, An application may be able to execute arbitrary code with system privileges

CVE-2018-4220: Swift for Ubuntu, A process may gain admin privileges and execute arbitrary code

13: Jun Kokatsu (@shhnjk), 2018: 6, 2017: 1

CVE-2018-4345: WebKit, A malicious website may exfiltrate image data cross-origin

CVE-2018-4362: SafariViewController, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4278: WebKit, A malicious website may exfiltrate audio data cross-origin

CVE-2018-4190: WebKit, Visiting a maliciously crafted website may leak sensitive data

CVE-2018-4118: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2017-7830: WebKit Page Loading, Processing maliciously crafted web content may lead to arbitrary code execution

14: videosdebarraquito, 2018: 5, 2017: 0

CVE-2018-4430: FaceTime, A local attacker may be able to view contacts from the lock screen

CVE-2018-4388: Notes, A local attacker may be able to share items from the lock screen

CVE-2018-4387: VoiceOver, A local attacker may be able to view photos from the lock screen

CVE-2018-4380: VoiceOver, A local attacker may be able to view photos and contacts from the lock screen

CVE-2018-4379: Quick Look, A local attacker may be able to share items from the lock screen

15: an anonymous researcher working with Trend Micro's Zero Day Initiative, 2018: 5, 2017: 2

CVE-2018-4410: AppleGraphicsControl, An application may be able to execute arbitrary code with system privileges

CVE-2018-4422: IOGraphics, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4309: WebKit, A malicious website may be able to execute scripts in the context of another website

CVE-2018-4119: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4127: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

16: Kevin Backhouse of Semmle and LGTM.com, 2018: 5, 2017: 0

CVE-2018-4259: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4286: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4287: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4288: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

CVE-2018-4291: Kernel, Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

17: xisigr of Tencent's Xuanwu Lab (tencent.com), 2018: 4, 2017: 9

CVE-2018-4439: Safari, Visiting a malicious website may lead to user interface spoofing

CVE-2018-4260: WebKit Page Loading, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4277: LinkPresentation, Visiting a malicious website may lead to address bar spoofing

CVE-2018-4205: Safari, Visiting a malicious website may lead to address bar spoofing

18: The UK's National Cyber Security Centre (NCSC), 2018: 4, 2017: 3

CVE-2018-4412: CoreFoundation, A malicious application may be able to elevate privileges

CVE-2018-4414: CoreFoundation, An application may be able to gain elevated privileges

CVE-2018-4344: Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4104: Kernel, An application may be able to read restricted memory

19: WanderingGlitch of Trend Micro's Zero Day Initiative, 2018: 4, 2017: 0

CVE-2018-4125: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4161: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4162: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4163: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

20: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, 2018: 3, 2017: 0

CVE-2018-4437: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4464: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

CVE-2018-4372: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

Keyword: kernel, 2018 vulnerabilities: 55, 2017 vulnerabilities: 79

CVE-2018-4427, Disk Images, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4431, Kernel, A local user may be able to read kernel memory

CVE-2018-4447, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4461, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4465, Disk Images, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4434, Intel Graphics Driver, A local user may be able to cause unexpected system termination or read kernel memory

CVE-2018-4456, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4421, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4420, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4419, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4242, Hypervisor, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4422, IOGraphics, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4408, IOHIDFamily, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4401, IOUserEthernet, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4340, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4425, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4424, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4326, mDNSOffloadUserClient, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4383, IOKit, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4336, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4337, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4344, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4357, LLVM, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4289, AMD, A malicious application may be able to determine kernel memory layout

CVE-2018-4268, APFS, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4283, IOGraphics, A local user may be able to read kernel memory

CVE-2018-4282, Kernel, A local user may be able to read kernel memory

CVE-2018-4253, AMD, A local user may be able to read kernel memory

CVE-2018-4256, AMD, A local user may be able to read kernel memory

CVE-2018-4255, AMD, A local user may be able to read kernel memory

CVE-2018-4254, AMD, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4258, AppleGraphicsControl, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4257, AppleGraphicsPowerManagement, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4171, Bluetooth, A malicious application may be able to determine kernel memory layout.

CVE-2018-4228, IOFireWireAVC, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4236, IOGraphics, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4234, IOHIDFamily, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4249, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-8897, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4241, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4243, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4230, NVIDIA Graphics Drivers, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4135, IOFireWireFamily, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4150, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4143, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4136, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4185, Kernel, A malicious application may be able to determine kernel memory layout

CVE-2017-13911, SIP, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4109, Graphics Driver, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4082, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2018-4189, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4098, IOHIDFamily, An application may be able to execute arbitrary code with kernel privileges

CVE-2017-5754, Kernel, An application may be able to read kernel memory (Meltdown)

CVE-2018-4097, Kernel, An application may be able to execute arbitrary code with kernel privileges

CVE-2018-4169, Kernel, An application may be able to execute arbitrary code with kernel privileges

Keyword: remote, 2018 vulnerabilities: 19, 2017 vulnerabilities: 9

CVE-2018-4366, FaceTime, A remote attacker may be able to leak memory

CVE-2018-4367, FaceTime, A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution

CVE-2018-4295, afpserver, A remote attacker may be able to attack AFP servers through HTTP clients

CVE-2018-4153, CUPS, In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content

CVE-2017-0898, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-10784, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14033, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-14064, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17405, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2017-17742, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-6914, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8777, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8778, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8779, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-8780, Ruby, A remote attacker may be able to cause unexpected application termination or arbitrary code execution

CVE-2018-4281, SwiftNIO, A remote attacker may be able to overwrite arbitrary memory

CVE-2018-4298, Remote Management, A remote user may be able to gain root privileges

CVE-2018-4140, Telephony, A remote attacker can cause a device to unexpectedly restart

CVE-2018-4148, Telephony, A remote attacker may be able to execute arbitrary code

Keyword: Google, 2018 vulnerabilities: 47, 2017 vulnerabilities: 125

CVE-2018-4435, Jann Horn of Google Project Zero, Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security Team working with Trend Micro's Zero Day Initiative

CVE-2018-4461, Ian Beer of Google Project Zero

CVE-2018-4441, lokihardt of Google Project Zero

CVE-2018-4442, lokihardt of Google Project Zero

CVE-2018-4443, lokihardt of Google Project Zero

CVE-2018-4438, lokihardt of Google Project Zero

CVE-2018-4382, lokihardt of Google Project Zero

CVE-2018-4386, lokihardt of Google Project Zero

CVE-2018-4416, lokihardt of Google Project Zero

CVE-2018-4384, Natalie Silvanovich of Google Project Zero

CVE-2018-4366, Natalie Silvanovich of Google Project Zero

CVE-2018-4367, Natalie Silvanovich of Google Project Zero

CVE-2018-3639, Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC)

CVE-2018-4334, Ian Beer of Google Project Zero

CVE-2018-4408, Ian Beer of Google Project Zero

CVE-2018-4341, Ian Beer of Google Project Zero

CVE-2018-4354, Ian Beer of Google Project Zero

CVE-2018-4323, Ivan Fratric of Google Project Zero

CVE-2018-4328, Ivan Fratric of Google Project Zero

CVE-2018-4319, John Pettitt of Google

CVE-2018-4197, Ivan Fratric of Google Project Zero

CVE-2018-4306, Ivan Fratric of Google Project Zero

CVE-2018-4312, Ivan Fratric of Google Project Zero

CVE-2018-4314, Ivan Fratric of Google Project Zero

CVE-2018-4315, Ivan Fratric of Google Project Zero

CVE-2018-4317, Ivan Fratric of Google Project Zero

CVE-2018-4318, Ivan Fratric of Google Project Zero

CVE-2018-4337, Ian Beer of Google Project Zero

CVE-2018-4363, Ian Beer of Google Project Zero

CVE-2018-4200, Ivan Fratric of Google Project Zero

CVE-2018-4218, Natalie Silvanovich of Google Project Zero

CVE-2018-4222, Natalie Silvanovich of Google Project Zero

CVE-2018-4241, Ian Beer of Google Project Zero

CVE-2018-4243, Ian Beer of Google Project Zero

CVE-2018-4230, Ian Beer of Google Project Zero

CVE-2018-4206, Ian Beer of Google Project Zero

CVE-2018-4121, Natalie Silvanovich of Google Project Zero

CVE-2018-4142, Robin Leroy of Google Switzerland GmbH

CVE-2018-4139, Ian Beer of Google Project Zero

CVE-2018-4089, Ivan Fratric of Google Project Zero

CVE-2018-4090, Jann Horn of Google Project Zero

CVE-2018-4082, Russ Cox of Google

CVE-2018-4093, Jann Horn of Google Project Zero

CVE-2017-5754, Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)

CVE-2018-4083, Ian Beer of Google Project Zero

CVE-2017-5753, Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.

CVE-2017-5715, Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.

Keyword: 360, 2018 vulnerabilities: 24, 2017 vulnerabilities: 36

CVE-2018-4434, Zhuo Liang of Qihoo 360 Nirvan Team

CVE-2018-4392, zhunki of 360 ESG Codesafe Team

CVE-2018-4378, HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team

CVE-2018-4242, Zhuo Liang of Qihoo 360 Nirvan Team

CVE-2018-4402, Proteas of Qihoo 360 Nirvan Team

CVE-2018-4326, an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team

CVE-2018-4316, crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4289, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4282, Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin "slashd" Shilnenkov

CVE-2018-4253, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4256, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4255, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4258, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4257, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4171, shrek_wzw of Qihoo 360 Nirvan Team

CVE-2018-4211, Proteas of Qihoo 360 Nirvan Team

CVE-2018-4159, Axis and pjf of IceSword Lab of Qihoo 360

CVE-2018-4141, an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2018-4236, Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2018-4234, Proteas of Qihoo 360 Nirvan Team

CVE-2018-4120, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4165, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4132, Axis and pjf of IceSword Lab of Qihoo 360

CVE-2018-4138, Axis and pjf of IceSword Lab of Qihoo 360

Keyword: Tencent, 2018 vulnerabilities: 10, 2017 vulnerabilities: 42

CVE-2018-4440, Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)

CVE-2018-4439, xisigr of Tencent's Xuanwu Lab (tencent.com)

CVE-2018-4195, xisigr of Tencent's Xuanwu Lab (www.tencent.com)

CVE-2018-4260, xisigr of Tencent's Xuanwu Lab (tencent.com)

CVE-2018-4277, xisigr of Tencent's Xuanwu Lab (tencent.com)

CVE-2018-4194, Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab

CVE-2018-4205, xisigr of Tencent's Xuanwu Lab (tencent.com)

CVE-2018-4187, Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)

CVE-2018-4116, @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com)

CVE-2018-4134, xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department

Keyword: Alibaba, 2018 vulnerabilities: 3, 2017 vulnerabilities: 2

CVE-2018-4321, Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CVE-2018-4322, Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CVE-2018-4135, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.

Keyword: Ant-financial, 2018 vulnerabilities: 3, 2017 vulnerabilities: 5

CVE-2018-4264, found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab

CVE-2018-4194, Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab

CVE-2018-4101, Yuan Deng of Ant-financial Light-Year Security Lab

Keyword: Chaitin, 2018 vulnerabilities: 3, 2017 vulnerabilities: 8

CVE-2018-4449, Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab

CVE-2018-4450, Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab

CVE-2018-4423, Youfu Zhang of Chaitin Security Research Lab (@ChaitinTech)

Keyword: Baidu, 2018 vulnerabilities: 1, 2017 vulnerabilities: 9

CVE-2018-4129, likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative

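Statement: This article is from Proteas, and the copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is reposted to pass on more information. In case of infringement, please contact anquanneican@163.com.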