苹果平台2017年漏洞情况统计报告

阅读量3222318

|评论2

发布时间 : 2017-12-28 09:54:37

作者:0x736165746F7250@360 Information Security Dept.

 

一、数据与时间

数据来源: https://support.apple.com/en-us/HT201222

统计时间: 2017-12-27, 18:43:59

 

二、CVE数量

2017 苹果 CVE 总数: 739

2016 苹果 CVE 总数: 608

 

三、漏洞模块

2017 产生漏洞的模块个数: 169

2016 产生漏洞的模块个数: 174

 

四、漏洞数 Top 20 的模块信息如下:

01: WebKit, 2017: 136, 2016: 103

CVE-2017-7156: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7157: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13856: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13870: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13866: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7160: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13783: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13784: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13785: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13788: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13791: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13792: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13793: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13794: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13795: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13796: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13797: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13798: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13802: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13803: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7081: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7087: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7091: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7092: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7093: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7094: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7095: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7096: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7098: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7099: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7100: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7102: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7104: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7107: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7111: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7117: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7120: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7089: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-7090: Cookies belonging to one origin may be sent to another origin
CVE-2017-7106: Visiting a malicious website may lead to address bar spoofing
CVE-2017-7109: Processing maliciously crafted web content may lead to a cross site scripting attack
CVE-2017-7144: A malicious website may be able to track users in Safari private browsing mode
CVE-2017-7006: A malicious website may exfiltrate data cross-origin
CVE-2017-7018: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7020: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7030: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7034: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7037: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7039: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7040: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7041: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7042: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7043: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7046: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7048: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7052: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7055: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7056: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7061: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7038: Processing maliciously crafted web content with DOMParser may lead to cross site scripting
CVE-2017-7059: Processing maliciously crafted web content with DOMParser may lead to cross site scripting
CVE-2017-7049: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7064: An application may be able to read restricted memory
CVE-2017-7011: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2504: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2505: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2515: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2521: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2525: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2530: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2531: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-6980: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-6984: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2536: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2549: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2496: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2506: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2514: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2526: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2538: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2539: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2544: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2547: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2508: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2510: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2528: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2463: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2479: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2480: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2493: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2386: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2394: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2396: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2016-9642: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2395: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2454: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2455: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2459: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2460: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2464: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2465: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2466: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2468: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2469: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2470: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2476: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2481: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2415: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2016-9643: Processing maliciously crafted web content may lead to high memory consumption
CVE-2017-2367: A malicious website may exfiltrate data cross-origin
CVE-2017-2445: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2446: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2447: Visiting a maliciously crafted website may compromise user information
CVE-2017-2475: Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2471: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2378: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution
CVE-2017-2486: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2457: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2419: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy
CVE-2017-2424: Processing maliciously crafted web content may result in the disclosure of process memory
CVE-2017-2433: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2364: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2392: An application may be able to execute arbitrary code
CVE-2017-7071: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2354: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2355: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2356: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2366: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2350: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2362: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2373: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2369: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2363: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2365: Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2371: A malicious website can open popups
CVE-2016-7589: Processing maliciously crafted web content may lead to arbitrary code execution

02: tcpdump, 131

CVE-2017-11108: Multiple issues in tcpdump
CVE-2017-11541: Multiple issues in tcpdump
CVE-2017-11542: Multiple issues in tcpdump
CVE-2017-11543: Multiple issues in tcpdump
CVE-2017-12893: Multiple issues in tcpdump
CVE-2017-12894: Multiple issues in tcpdump
CVE-2017-12895: Multiple issues in tcpdump
CVE-2017-12896: Multiple issues in tcpdump
CVE-2017-12897: Multiple issues in tcpdump
CVE-2017-12898: Multiple issues in tcpdump
CVE-2017-12899: Multiple issues in tcpdump
CVE-2017-12900: Multiple issues in tcpdump
CVE-2017-12901: Multiple issues in tcpdump
CVE-2017-12902: Multiple issues in tcpdump
CVE-2017-12985: Multiple issues in tcpdump
CVE-2017-12986: Multiple issues in tcpdump
CVE-2017-12987: Multiple issues in tcpdump
CVE-2017-12988: Multiple issues in tcpdump
CVE-2017-12989: Multiple issues in tcpdump
CVE-2017-12990: Multiple issues in tcpdump
CVE-2017-12991: Multiple issues in tcpdump
CVE-2017-12992: Multiple issues in tcpdump
CVE-2017-12993: Multiple issues in tcpdump
CVE-2017-12994: Multiple issues in tcpdump
CVE-2017-12995: Multiple issues in tcpdump
CVE-2017-12996: Multiple issues in tcpdump
CVE-2017-12997: Multiple issues in tcpdump
CVE-2017-12998: Multiple issues in tcpdump
CVE-2017-12999: Multiple issues in tcpdump
CVE-2017-13000: Multiple issues in tcpdump
CVE-2017-13001: Multiple issues in tcpdump
CVE-2017-13002: Multiple issues in tcpdump
CVE-2017-13003: Multiple issues in tcpdump
CVE-2017-13004: Multiple issues in tcpdump
CVE-2017-13005: Multiple issues in tcpdump
CVE-2017-13006: Multiple issues in tcpdump
CVE-2017-13007: Multiple issues in tcpdump
CVE-2017-13008: Multiple issues in tcpdump
CVE-2017-13009: Multiple issues in tcpdump
CVE-2017-13010: Multiple issues in tcpdump
CVE-2017-13011: Multiple issues in tcpdump
CVE-2017-13012: Multiple issues in tcpdump
CVE-2017-13013: Multiple issues in tcpdump
CVE-2017-13014: Multiple issues in tcpdump
CVE-2017-13015: Multiple issues in tcpdump
CVE-2017-13016: Multiple issues in tcpdump
CVE-2017-13017: Multiple issues in tcpdump
CVE-2017-13018: Multiple issues in tcpdump
CVE-2017-13019: Multiple issues in tcpdump
CVE-2017-13020: Multiple issues in tcpdump
CVE-2017-13021: Multiple issues in tcpdump
CVE-2017-13022: Multiple issues in tcpdump
CVE-2017-13023: Multiple issues in tcpdump
CVE-2017-13024: Multiple issues in tcpdump
CVE-2017-13025: Multiple issues in tcpdump
CVE-2017-13026: Multiple issues in tcpdump
CVE-2017-13027: Multiple issues in tcpdump
CVE-2017-13028: Multiple issues in tcpdump
CVE-2017-13029: Multiple issues in tcpdump
CVE-2017-13030: Multiple issues in tcpdump
CVE-2017-13031: Multiple issues in tcpdump
CVE-2017-13032: Multiple issues in tcpdump
CVE-2017-13033: Multiple issues in tcpdump
CVE-2017-13034: Multiple issues in tcpdump
CVE-2017-13035: Multiple issues in tcpdump
CVE-2017-13036: Multiple issues in tcpdump
CVE-2017-13037: Multiple issues in tcpdump
CVE-2017-13038: Multiple issues in tcpdump
CVE-2017-13039: Multiple issues in tcpdump
CVE-2017-13040: Multiple issues in tcpdump
CVE-2017-13041: Multiple issues in tcpdump
CVE-2017-13042: Multiple issues in tcpdump
CVE-2017-13043: Multiple issues in tcpdump
CVE-2017-13044: Multiple issues in tcpdump
CVE-2017-13045: Multiple issues in tcpdump
CVE-2017-13046: Multiple issues in tcpdump
CVE-2017-13047: Multiple issues in tcpdump
CVE-2017-13048: Multiple issues in tcpdump
CVE-2017-13049: Multiple issues in tcpdump
CVE-2017-13050: Multiple issues in tcpdump
CVE-2017-13051: Multiple issues in tcpdump
CVE-2017-13052: Multiple issues in tcpdump
CVE-2017-13053: Multiple issues in tcpdump
CVE-2017-13054: Multiple issues in tcpdump
CVE-2017-13055: Multiple issues in tcpdump
CVE-2017-13687: Multiple issues in tcpdump
CVE-2017-13688: Multiple issues in tcpdump
CVE-2017-13689: Multiple issues in tcpdump
CVE-2017-13690: Multiple issues in tcpdump
CVE-2017-13725: Multiple issues in tcpdump
CVE-2016-7922: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7923: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7924: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7925: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7926: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7927: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7928: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7929: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7930: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7931: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7932: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7933: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7934: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7935: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7936: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7937: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7938: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7939: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7940: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7973: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7974: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7975: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7983: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7984: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7985: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7986: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7992: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-7993: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-8574: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2016-8575: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5202: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5203: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5204: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5205: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5341: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5342: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5482: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5483: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5484: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5485: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
CVE-2017-5486: An attacker in a privileged network position may be able to execute arbitrary code with user assistance

03: Kernel, 2017: 64, 2016: 46

CVE-2017-13862: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13867: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13833: An application may be able to read restricted memory
CVE-2017-13876: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13855: An application may be able to read restricted memory
CVE-2017-13865: An application may be able to read restricted memory
CVE-2017-13868: An application may be able to read restricted memory
CVE-2017-13869: An application may be able to read restricted memory
CVE-2017-7154: A local user may be able to cause unexpected system termination or read kernel memory
CVE-2017-13799: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13852: A malicious application may be able to learn information about the presence and operation of other applications on the device.
CVE-2017-13810: A local user may be able to leak sensitive user information
CVE-2017-13817: A local user may be able to read kernel memory
CVE-2017-13818: An application may be able to read restricted memory
CVE-2017-13836: An application may be able to read restricted memory
CVE-2017-13841: An application may be able to read restricted memory
CVE-2017-13840: An application may be able to read restricted memory
CVE-2017-13842: An application may be able to read restricted memory
CVE-2017-13782: An application may be able to read restricted memory
CVE-2017-13843: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13834: Processing a malformed mach binary may lead to arbitrary code execution
CVE-2017-7114: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13854: An application may be able to execute arbitrary code with system privileges
CVE-2017-13873: A malicious application may be able to learn information about the presence and operation of other applications on the device.
CVE-2017-7022: An application may be able to execute arbitrary code with system privileges
CVE-2017-7024: An application may be able to execute arbitrary code with system privileges
CVE-2017-7026: An application may be able to execute arbitrary code with system privileges
CVE-2017-7023: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7025: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7027: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7069: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7028: An application may be able to read restricted memory
CVE-2017-7029: An application may be able to read restricted memory
CVE-2017-7067: An application may be able to read restricted memory
CVE-2017-2501: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2507: An application may be able to read restricted memory
CVE-2017-6987: An application may be able to read restricted memory
CVE-2017-2494: An application may be able to gain kernel privileges
CVE-2017-2509: An application may be able to read restricted memory
CVE-2017-2516: An application may be able to read restricted memory
CVE-2017-2546: An application may be able to gain kernel privileges
CVE-2017-2401: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2440: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2456: A malicious application may be able to execute arbitrary code with root privileges
CVE-2017-2472: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2473: A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2474: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2478: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2482: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2483: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2490: An application may be able to execute arbitrary code with elevated privileges
CVE-2017-2398: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2410: A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-7070: The screen may unexpectedly remain unlocked when the lid is closed
CVE-2017-2370: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2360: An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7606: An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7612: An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7607: An application may be able to read kernel memory
CVE-2016-7615: A local user may be able to cause a system denial of service
CVE-2016-7621: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
CVE-2016-7637: A local user may be able to gain root privileges
CVE-2016-7644: A local application with system privileges may be able to execute arbitrary code with kernel privileges
CVE-2016-7647: An application may be able to cause a denial of service

04: iTunes, 18

CVE-2017-7053: An application may be able to execute arbitrary code with system privileges
CVE-2013-7443: Multiple issues in SQLite
CVE-2015-3414: Multiple issues in SQLite
CVE-2015-3415: Multiple issues in SQLite
CVE-2015-3416: Multiple issues in SQLite
CVE-2015-3717: Multiple issues in SQLite
CVE-2015-6607: Multiple issues in SQLite
CVE-2016-6153: Multiple issues in SQLite
CVE-2009-3270: Multiple issues in expat
CVE-2009-3560: Multiple issues in expat
CVE-2009-3720: Multiple issues in expat
CVE-2012-1147: Multiple issues in expat
CVE-2012-1148: Multiple issues in expat
CVE-2012-6702: Multiple issues in expat
CVE-2015-1283: Multiple issues in expat
CVE-2016-0718: Multiple issues in expat
CVE-2016-4472: Multiple issues in expat
CVE-2016-5300: Multiple issues in expat

05: Intel Graphics Driver, 2017: 14, 2016: 9

CVE-2017-13883: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7163: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7155: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13878: A local user may be able to cause unexpected system termination or read kernel memory
CVE-2017-13875: An application may be able to execute arbitrary code with system privileges
CVE-2017-7014: An application may be able to execute arbitrary code with system privileges
CVE-2017-7017: An application may be able to execute arbitrary code with system privileges
CVE-2017-7035: An application may be able to execute arbitrary code with system privileges
CVE-2017-7044: An application may be able to execute arbitrary code with system privileges
CVE-2017-7036: An application may be able to read restricted memory
CVE-2017-7045: An application may be able to read restricted memory
CVE-2017-2503: An application may be able to gain kernel privileges
CVE-2017-2443: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2489: An application may be able to disclose kernel memory

06: SQLite, 14

CVE-2017-7127: An application may be able to execute arbitrary code with system privileges
CVE-2017-10989: Multiple issues in SQLite
CVE-2017-7128: Multiple issues in SQLite
CVE-2017-7129: Multiple issues in SQLite
CVE-2017-7130: Multiple issues in SQLite
CVE-2017-2513: A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-2518: A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-2520: A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-2519: A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-6983: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-6991: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7000: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7001: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7002: Processing maliciously crafted web content may lead to arbitrary code execution

07: apache, 13

CVE-2017-9798: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory
CVE-2016-0736: Multiple issues in Apache
CVE-2016-2161: Multiple issues in Apache
CVE-2016-5387: Multiple issues in Apache
CVE-2016-8740: Multiple issues in Apache
CVE-2016-8743: Multiple issues in Apache
CVE-2017-3167: Multiple issues in Apache
CVE-2017-3169: Multiple issues in Apache
CVE-2017-7659: Multiple issues in Apache
CVE-2017-7668: Multiple issues in Apache
CVE-2017-7679: Multiple issues in Apache
CVE-2017-9788: Multiple issues in Apache
CVE-2017-9789: Multiple issues in Apache

08: Wi-Fi, 13

CVE-2017-11120: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
CVE-2017-11121: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
CVE-2017-7103: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7105: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7108: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7110: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7112: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7115: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7116: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory
CVE-2017-11122: A attacker within range may be able to read restricted memory from the Wi-Fi chipset
CVE-2017-7065: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
CVE-2017-7066: An attacker in Wi-Fi range may be able to cause a denial of service on the Wi-Fi chip
CVE-2017-6975: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

09: Safari, 12

CVE-2017-13790: Visiting a malicious website may lead to address bar spoofing
CVE-2017-13789: Visiting a malicious website may lead to address bar spoofing
CVE-2017-7085: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2517: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2495: Visiting a maliciously crafted webpage may lead to an application denial of service
CVE-2017-2500: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2511: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2376: Visiting a malicious website may lead to address bar spoofing
CVE-2017-2384: A local user may be able to discover websites a user has visited in Private Browsing
CVE-2017-2389: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites
CVE-2017-2453: Visiting a malicious website by clicking a link may lead to user interface spoofing
CVE-2017-2359: Visiting a malicious website may lead to address bar spoofing

10: Security, 2017: 12, 2016: 8

CVE-2017-7150: A malicious application can extract keychain passwords
CVE-2017-7080: A revoked certificate may be trusted
CVE-2017-7146: A malicious app may be able to track users between installs
CVE-2017-2535: An application may be able to escape its sandbox
CVE-2017-7004: A local application may be able to send privileged XPC messages without entitlements
CVE-2017-2498: Update to the certificate trust policy
CVE-2017-2451: An application may be able to execute arbitrary code with root privileges
CVE-2017-2485: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution
CVE-2017-2423: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed
CVE-2016-4693: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm
CVE-2016-7636: An attacker in a privileged network position may be able to cause a denial of service
CVE-2016-7662: Certificates may be unexpectedly evaluated as trusted

11: ntp, 10

CVE-2017-6451: Multiple issues in ntp
CVE-2017-6452: Multiple issues in ntp
CVE-2017-6455: Multiple issues in ntp
CVE-2017-6458: Multiple issues in ntp
CVE-2017-6459: Multiple issues in ntp
CVE-2017-6460: Multiple issues in ntp
CVE-2017-6462: Multiple issues in ntp
CVE-2017-6463: Multiple issues in ntp
CVE-2017-6464: Multiple issues in ntp
CVE-2016-9042: Multiple issues in ntp

12: libarchive, 8

CVE-2017-13813: Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-13816: Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-13812: Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2016-4736: An application may be able to read restricted memory
CVE-2017-7068: Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-2390: A local attacker may be able to change file system permissions on arbitrary directories
CVE-2016-8687: Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2016-7619: A local attacker may be able to overwrite existing files

13: Bluetooth, 2017: 8, 2016: 6

CVE-2017-7131: An application may be able to access restricted files
CVE-2017-7050: An application may be able to execute arbitrary code with system privileges
CVE-2017-7051: An application may be able to execute arbitrary code with system privileges
CVE-2017-7054: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2420: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2427: A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2449: An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2353: An application may be able to execute arbitrary code with kernel privileges

14: apache_mod_php, 2017: 8, 2016: 36

CVE-2016-10158: Multiple issues existed in PHP before 5.6.30
CVE-2016-10159: Multiple issues existed in PHP before 5.6.30
CVE-2016-10160: Multiple issues existed in PHP before 5.6.30
CVE-2016-10161: Multiple issues existed in PHP before 5.6.30
CVE-2016-9935: Multiple issues existed in PHP before 5.6.30
CVE-2016-8670: Multiple issues in PHP
CVE-2016-9933: Multiple issues in PHP
CVE-2016-9934: Multiple issues in PHP

15: curl, 2017: 7, 2016: 17

CVE-2017-1000254: Malicious FTP servers may be able to cause the client to read out-of-bounds memory
CVE-2017-1000100: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory
CVE-2017-1000101: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory
CVE-2016-9586: Multiple issues in curl
CVE-2016-9594: Multiple issues in curl
CVE-2017-2629: Multiple issues in curl
CVE-2017-7468: Multiple issues in curl

16: CoreText, 7

CVE-2017-13849: Processing a maliciously crafted text file may lead to an unexpected application termination
CVE-2017-13825: Processing a maliciously crafted font file may lead to arbitrary code execution
CVE-2017-7003: Processing a maliciously crafted file may lead to application termination
CVE-2017-2435: Processing a maliciously crafted font file may lead to arbitrary code execution
CVE-2017-2450: Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2017-2461: Processing a maliciously crafted text message may lead to application denial of service
CVE-2016-7595: Processing a maliciously crafted font file may lead to arbitrary code execution

17: file, 7

CVE-2017-13815: Multiple issues in file
CVE-2017-7121: Multiple issues in file
CVE-2017-7122: Multiple issues in file
CVE-2017-7123: Multiple issues in file
CVE-2017-7124: Multiple issues in file
CVE-2017-7125: Multiple issues in file
CVE-2017-7126: Multiple issues in file

18: ImageIO, 2017: 7, 2016: 14

CVE-2017-13814: Processing a maliciously crafted image may lead to arbitrary code execution
CVE-2017-13831: Processing a maliciously crafted image may lead to a denial of service
CVE-2017-2416: Processing a maliciously crafted image may lead to arbitrary code execution
CVE-2017-2432: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
CVE-2017-2467: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
CVE-2016-3619: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-7643: A remote attacker may be able to leak memory

19: AVEVideoEncoder, 7

CVE-2017-6989: An application may be able to gain kernel privileges
CVE-2017-6994: An application may be able to gain kernel privileges
CVE-2017-6995: An application may be able to gain kernel privileges
CVE-2017-6996: An application may be able to gain kernel privileges
CVE-2017-6997: An application may be able to gain kernel privileges
CVE-2017-6998: An application may be able to gain kernel privileges
CVE-2017-6999: An application may be able to gain kernel privileges

20: tiffutil, 7

CVE-2016-9533: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-9535: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-9536: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-9537: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-9538: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-9539: Processing a maliciously crafted image may lead to unexpected application termination
CVE-2016-9540: Processing a maliciously crafted image may lead to unexpected application termination

五、漏洞报告人

2017 报告漏洞的人数: 224
2016 报告漏洞的人数: 261

 

六、Top 20 个人:

01: lokihardt of Google Project Zero, 37

CVE-2017-7117: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7018: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7037: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7056: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7061: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7064: WebKit, An application may be able to read restricted memory
CVE-2017-7005: JavaScriptCore, Processing maliciously crafted web content may lead to unexpected application termination or arbitrary code execution
CVE-2017-2504: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2505: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2515: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2521: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2531: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-6980: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-6984: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2549: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2514: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2508: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2510: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2528: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2479: WebKit, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2480: WebKit, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2493: WebKit, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2492: JavaScriptCore, Processing a maliciously crafted web page may lead to universal cross site scripting
CVE-2017-2456: Kernel, A malicious application may be able to execute arbitrary code with root privileges
CVE-2017-2468: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2469: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2470: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2367: WebKit, A malicious website may exfiltrate data cross-origin
CVE-2017-2445: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2475: WebKit, Processing maliciously crafted web content may lead to universal cross site scripting
CVE-2017-2457: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2364: WebKit, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2442: WebKit JavaScript Bindings, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2363: WebKit, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2365: WebKit, Processing maliciously crafted web content may exfiltrate data cross-origin
CVE-2017-2361: Help Viewer, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2371: WebKit, A malicious website can open popups

02: Ian Beer of Google Project Zero, 2017: 32, 2016: 29

CVE-2017-13878: Intel Graphics Driver, A local user may be able to cause unexpected system termination or read kernel memory
CVE-2017-13875: Intel Graphics Driver, An application may be able to execute arbitrary code with system privileges
CVE-2017-13847: IOKit, An application may be able to execute arbitrary code with system privileges
CVE-2017-13867: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13876: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13865: Kernel, An application may be able to read restricted memory
CVE-2017-13861: IOSurface, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7047: libxpc, An application may be able to execute arbitrary code with system privileges
CVE-2017-2522: CoreFoundation, Parsing maliciously crafted data may lead to arbitrary code execution
CVE-2017-2523: Foundation, Parsing maliciously crafted data may lead to arbitrary code execution
CVE-2017-2501: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2507: Kernel, An application may be able to read restricted memory
CVE-2017-2524: TextInput, Parsing maliciously crafted data may lead to arbitrary code execution
CVE-2017-6978: Accessibility Framework, An application may be able to gain system privileges
CVE-2017-2527: CoreAnimation, Processing maliciously crafted data may lead to arbitrary code execution
CVE-2017-7004: Security, A local application may be able to send privileged XPC messages without entitlements
CVE-2017-2472: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2473: Kernel, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2474: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2478: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2482: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2483: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2443: Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2489: Intel Graphics Driver, An application may be able to disclose kernel memory
CVE-2017-2353: Bluetooth, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2370: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2360: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7612: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7621: Kernel, A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
CVE-2016-7637: Kernel, A local user may be able to gain root privileges
CVE-2016-7644: Kernel, A local application with system privileges may be able to execute arbitrary code with kernel privileges
CVE-2016-7660: syslog, A local user may be able to gain root privileges

03: Ivan Fratric of Google Project Zero, 28

CVE-2017-13783: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13784: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13785: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13791: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13792: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13794: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13795: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13796: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13797: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13798: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13802: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7039: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7040: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7041: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7042: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7043: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7046: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7048: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7049: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2455: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2459: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2460: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2466: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2476: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2471: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2362: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2373: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2369: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

04: found by OSS-Fuzz, 20

CVE-2017-3735: OpenSSL, An application may be able to read restricted memory
CVE-2017-13813: libarchive, Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-13816: libarchive, Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-13812: libarchive, Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-7121: file, Multiple issues in file
CVE-2017-7122: file, Multiple issues in file
CVE-2017-7123: file, Multiple issues in file
CVE-2017-7124: file, Multiple issues in file
CVE-2017-7125: file, Multiple issues in file
CVE-2017-7126: file, Multiple issues in file
CVE-2017-10989: SQLite, Multiple issues in SQLite
CVE-2017-7128: SQLite, Multiple issues in SQLite
CVE-2017-7129: SQLite, Multiple issues in SQLite
CVE-2017-7130: SQLite, Multiple issues in SQLite
CVE-2017-7068: libarchive, Unpacking a maliciously crafted archive may lead to arbitrary code execution
CVE-2017-7013: libxml2, Parsing a maliciously crafted XML document may lead to disclosure of user information
CVE-2017-2513: SQLite, A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-2518: SQLite, A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-2520: SQLite, A maliciously crafted SQL query may lead to arbitrary code execution
CVE-2017-2519: SQLite, A maliciously crafted SQL query may lead to arbitrary code execution

05: Apple, 2017: 18, 2016: 60

CVE-2017-13862: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13879: IOMobileFrameBuffer, An application may be able to execute arbitrary code with kernel privilege
CVE-2017-7081: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7087: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7099: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7090: WebKit, Cookies belonging to one origin may be sent to another origin
CVE-2017-7010: libxml2, Parsing a maliciously crafted XML document may lead to disclosure of user information
CVE-2017-7012: WebKit Web Inspector, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2496: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2491: JavaScriptCore, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2394: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2396: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2395: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2433: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2405: WebKit Web Inspector, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2410: Kernel, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2016-7662: Security, Certificates may be unexpectedly evaluated as trusted
CVE-2016-7589: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution

06: Gal Beniamini of Google Project Zero, 13

CVE-2017-11120: Wi-Fi, An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
CVE-2017-11121: Wi-Fi, An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
CVE-2017-7103: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7105: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7108: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7110: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7112: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7115: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7116: Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory
CVE-2017-11122: Wi-Fi, A attacker within range may be able to read restricted memory from the Wi-Fi chipset
CVE-2017-7065: Wi-Fi, An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
CVE-2017-7066: Wi-Fi, An attacker in Wi-Fi range may be able to cause a denial of service on the Wi-Fi chip
CVE-2017-6975: Wi-Fi, An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

07: riusksk (泉哥) of Tencent Security Platform Department, 2017: 12, 2016: 4

CVE-2017-7076: ld64, Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution
CVE-2017-7134: ld64, Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution
CVE-2017-7135: ld64, Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution
CVE-2017-7136: ld64, Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution
CVE-2017-7137: ld64, Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution
CVE-2017-7016: afclip, Processing a maliciously crafted audio file may lead to arbitrary code execution
CVE-2017-7033: afclip, Processing a maliciously crafted audio file may lead to arbitrary code execution
CVE-2017-7015: Audio, Processing a maliciously crafted audio file may disclose restricted memory
CVE-2017-2417: CoreGraphics, Processing a maliciously crafted image may lead to a denial of service
CVE-2017-2487: FontParser, Processing a maliciously crafted font file may lead to arbitrary code execution
CVE-2017-2406: FontParser, Processing a maliciously crafted font file may lead to arbitrary code execution
CVE-2017-2407: FontParser, Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

08: xisigr of Tencent’s Xuanwu Lab (tencent.com), 2017: 9, 2016: 6

CVE-2017-13788: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-13789: Safari, Visiting a malicious website may lead to address bar spoofing
CVE-2017-13801: Dictionary Widget, Searching pasted text in the Dictionary widget may lead to compromise of user information
CVE-2017-7085: Safari, Visiting a malicious website may lead to address bar spoofing
CVE-2017-7011: WebKit, Visiting a malicious website may lead to address bar spoofing
CVE-2017-2517: Safari, Visiting a malicious website may lead to address bar spoofing
CVE-2017-2453: Safari, Visiting a malicious website by clicking a link may lead to user interface spoofing
CVE-2017-2378: WebKit, Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution
CVE-2017-2359: Safari, Visiting a malicious website may lead to address bar spoofing

09: Cure53, 9

CVE-2017-6451: ntp, Multiple issues in ntp
CVE-2017-6452: ntp, Multiple issues in ntp
CVE-2017-6455: ntp, Multiple issues in ntp
CVE-2017-6458: ntp, Multiple issues in ntp
CVE-2017-6459: ntp, Multiple issues in ntp
CVE-2017-6460: ntp, Multiple issues in ntp
CVE-2017-6462: ntp, Multiple issues in ntp
CVE-2017-6463: ntp, Multiple issues in ntp
CVE-2017-6464: ntp, Multiple issues in ntp

10: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, 8

CVE-2017-6989: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6994: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6995: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6996: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6997: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6998: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6999: AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6979: IOSurface, An application may be able to gain kernel privileges

11: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative, 8

CVE-2017-6990: HFS, An application may be able to read restricted memory
CVE-2017-2546: Kernel, An application may be able to gain kernel privileges
CVE-2017-6983: SQLite, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-6991: SQLite, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7000: SQLite, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7001: SQLite, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-7002: SQLite, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2537: WindowServer, An application may be able to gain system privileges

12: shrek_wzw of Qihoo 360 Nirvan Team, 2017: 8, 2016: 4

CVE-2017-13853, AppleGraphicsControl, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13854: Kernel, An application may be able to execute arbitrary code with system privileges
CVE-2017-7009: IOUSBFamily, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7035: Intel Graphics Driver, An application may be able to execute arbitrary code with system privileges
CVE-2017-7044: Intel Graphics Driver, An application may be able to execute arbitrary code with system privileges
CVE-2017-7036: Intel Graphics Driver, An application may be able to read restricted memory
CVE-2017-7045: Intel Graphics Driver, An application may be able to read restricted memory
CVE-2017-7067: Kernel, An application may be able to read restricted memory

13: Jann Horn of Google Project Zero, 6

CVE-2017-13855: Kernel, An application may be able to read restricted memory
CVE-2017-13869: Kernel, An application may be able to read restricted memory
CVE-2017-7154: Kernel, A local user may be able to cause unexpected system termination or read kernel memory
CVE-2017-2494: Kernel, An application may be able to gain kernel privileges
CVE-2017-2509: Kernel, An application may be able to read restricted memory
CVE-2017-2516: Kernel, An application may be able to read restricted memory

14: John Villamil, Doyensec, 5

CVE-2017-13820: ATS, Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2017-13850: Font Importer, Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2017-2435: CoreText, Processing a maliciously crafted font file may lead to arbitrary code execution
CVE-2017-2450: CoreText, Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2017-2439: FontParser, Processing a maliciously crafted font may result in the disclosure of process memory

15: Australian Cyber Security Centre – Australian Signals Directorate, 5

CVE-2017-13821: CFString, An application may be able to read restricted memory
CVE-2017-13825: CoreText, Processing a maliciously crafted font file may lead to arbitrary code execution
CVE-2017-13814: ImageIO, Processing a maliciously crafted image may lead to arbitrary code execution
CVE-2017-13822: Quick Look, An application may be able to read restricted memory
CVE-2017-7132: Quick Look, Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution

16: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative, 5

CVE-2017-2536: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2533: DiskArbitration, An application may be able to gain system privileges
CVE-2017-2535: Security, An application may be able to escape its sandbox
CVE-2017-2534: Speech Framework, An application may be able to escape its sandbox
CVE-2017-6977: Speech Framework, An application may be able to escape its sandbox

17: Brandon Azad, 2017: 4, 2016: 13

CVE-2017-13833: Kernel, An application may be able to read restricted memory
CVE-2017-13868: Kernel, An application may be able to read restricted memory
CVE-2017-7077: IOFireWireFamily, An application may be able to execute arbitrary code with system privileges
CVE-2016-7607: Kernel, An application may be able to read kernel memory

18: Lufeng Li of Qihoo 360 Vulcan Team, 2017: 4, 2016: 4

CVE-2017-13799: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2401: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2398: Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7647: Kernel, An application may be able to cause a denial of service

19: Patrick Wardle of Synack, 4

CVE-2017-7150: Security, A malicious application can extract keychain passwords
CVE-2017-13837: Installer, A malicious application may be able to access the FileVault unlock key
CVE-2017-6987: Kernel, An application may be able to read restricted memory
CVE-2017-6974: System Integrity Protection, A malicious application may be able to modify protected disk locations

20: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative, 4

CVE-2017-2538: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2539: WebKit, Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2017-2541: WindowServer, An application may be able to gain system privileges
CVE-2017-2540: WindowServer, An application may be able to read restricted memory

关键字: kernel, 2017 漏洞数: 79, 2016 漏洞数: 114

CVE-2017-13883, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7163, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7155, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13878, Intel Graphics Driver, A local user may be able to cause unexpected system termination or read kernel memory
CVE-2017-7162, IOKit, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13862, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13867, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13876, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7154, Kernel, A local user may be able to cause unexpected system termination or read kernel memory
CVE-2017-13861, IOSurface, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13879, IOMobileFrameBuffer, An application may be able to execute arbitrary code with kernel privilege
CVE-2017-13799, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13817, Kernel, A local user may be able to read kernel memory
CVE-2017-13843, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7114, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7103, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7105, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7108, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7110, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7112, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7115, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor
CVE-2017-7116, Wi-Fi, Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory
CVE-2017-7009, IOUSBFamily, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7023, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7025, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7027, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7069, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-13853, AppleGraphicsControl, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-7054, Bluetooth, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-6989, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6994, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6995, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6996, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6997, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6998, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6999, AVEVideoEncoder, An application may be able to gain kernel privileges
CVE-2017-6979, IOSurface, An application may be able to gain kernel privileges
CVE-2017-2501, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2503, Intel Graphics Driver, An application may be able to gain kernel privileges
CVE-2017-2545, IOGraphics, An application may be able to gain kernel privileges
CVE-2017-2494, Kernel, An application may be able to gain kernel privileges
CVE-2017-2546, Kernel, An application may be able to gain kernel privileges
CVE-2017-2542, Multi-Touch, An application may be able to gain kernel privileges
CVE-2017-2543, Multi-Touch, An application may be able to gain kernel privileges
CVE-2017-6985, NVIDIA Graphics Drivers, An application may be able to gain kernel privileges
CVE-2017-2401, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2440, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2472, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2473, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2474, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2478, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2482, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2483, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2398, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2421, AppleGraphicsPowerManagement, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2438, AppleRAID, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2420, Bluetooth, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2427, Bluetooth, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2449, Bluetooth, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2443, Intel Graphics Driver, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2489, Intel Graphics Driver, An application may be able to disclose kernel memory
CVE-2017-2408, IOATAFamily, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2436, IOFireWireAVC, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2437, IOFireWireAVC, A local attacker may be able to execute arbitrary code with kernel privileges
CVE-2017-2410, Kernel, A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2017-2353, Bluetooth, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2358, Graphics Drivers, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2357, IOAudioFamily, An application may be able to determine kernel memory layout
CVE-2017-2370, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2017-2360, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7616, Disk Images, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7591, IOHIDFamily, A local application with system privileges may be able to execute arbitrary code with kernel privileges
CVE-2016-7657, IOKit, An application may be able to read kernel memory
CVE-2016-7714, IOKit, A local user may be able to determine kernel memory layout
CVE-2016-7606, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7612, Kernel, An application may be able to execute arbitrary code with kernel privileges
CVE-2016-7607, Kernel, An application may be able to read kernel memory
CVE-2016-7621, Kernel, A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
CVE-2016-7644, Kernel, A local application with system privileges may be able to execute arbitrary code with kernel privileges

 

关键字: remote, 2017 漏洞数: 9, 2016 漏洞数: 51

CVE-2017-13903, HomeKit, A remote attacker may be able to unexpectedly alter application state
CVE-2017-7086, libc, A remote attacker may be able to cause a denial-of-service
CVE-2017-7062, Contacts, A remote attacker may be able to cause unexpected application termination or arbitrary code execution
CVE-2017-7007, EventKitUI, A remote attacker may cause an unexpected application termination
CVE-2017-7063, Messages, A remote attacker may cause an unexpected application termination
CVE-2016-0751, Profile Manager, A remote user may be able to cause a denial-of-service
CVE-2007-6750, Web Server, A remote attacker may be able to cause a denial of service against the HTTP server via partial HTTP requests
CVE-2017-2382, Wiki Server, A remote attacker may be able to enumerate users
CVE-2016-7643, ImageIO, A remote attacker may be able to leak memory

 

关键字: Google, 2017 漏洞数: 125, 2016 漏洞数: 49

CVE-2017-13878, Ian Beer of Google Project Zero
CVE-2017-13875, Ian Beer of Google Project Zero
CVE-2017-13847, Ian Beer of Google Project Zero
CVE-2017-13867, Ian Beer of Google Project Zero
CVE-2017-13876, Ian Beer of Google Project Zero
CVE-2017-13855, Jann Horn of Google Project Zero
CVE-2017-13865, Ian Beer of Google Project Zero
CVE-2017-13869, Jann Horn of Google Project Zero
CVE-2017-7154, Jann Horn of Google Project Zero
CVE-2017-13861, Ian Beer of Google Project Zero
CVE-2017-13783, Ivan Fratric of Google Project Zero
CVE-2017-13784, Ivan Fratric of Google Project Zero
CVE-2017-13785, Ivan Fratric of Google Project Zero
CVE-2017-13791, Ivan Fratric of Google Project Zero
CVE-2017-13792, Ivan Fratric of Google Project Zero
CVE-2017-13794, Ivan Fratric of Google Project Zero
CVE-2017-13795, Ivan Fratric of Google Project Zero
CVE-2017-13796, Ivan Fratric of Google Project Zero
CVE-2017-13797, Ivan Fratric of Google Project Zero
CVE-2017-13798, Ivan Fratric of Google Project Zero
CVE-2017-13802, Ivan Fratric of Google Project Zero
CVE-2017-13828, Leonard Grey and Robert Sesek of Google Chrome
CVE-2017-7117, lokihardt of Google Project Zero
CVE-2017-7086, Russ Cox of Google
CVE-2017-11120, Gal Beniamini of Google Project Zero
CVE-2017-11121, Gal Beniamini of Google Project Zero
CVE-2017-7103, Gal Beniamini of Google Project Zero
CVE-2017-7105, Gal Beniamini of Google Project Zero
CVE-2017-7108, Gal Beniamini of Google Project Zero
CVE-2017-7110, Gal Beniamini of Google Project Zero
CVE-2017-7112, Gal Beniamini of Google Project Zero
CVE-2017-7115, Gal Beniamini of Google Project Zero
CVE-2017-7116, Gal Beniamini of Google Project Zero
CVE-2017-11122, Gal Beniamini of Google Project Zero
CVE-2017-7047, Ian Beer of Google Project Zero
CVE-2017-7018, lokihardt of Google Project Zero
CVE-2017-7037, lokihardt of Google Project Zero
CVE-2017-7039, Ivan Fratric of Google Project Zero
CVE-2017-7040, Ivan Fratric of Google Project Zero
CVE-2017-7041, Ivan Fratric of Google Project Zero
CVE-2017-7042, Ivan Fratric of Google Project Zero
CVE-2017-7043, Ivan Fratric of Google Project Zero
CVE-2017-7046, Ivan Fratric of Google Project Zero
CVE-2017-7048, Ivan Fratric of Google Project Zero
CVE-2017-7056, lokihardt of Google Project Zero
CVE-2017-7061, lokihardt of Google Project Zero
CVE-2017-7049, Ivan Fratric of Google Project Zero
CVE-2017-7065, Gal Beniamini of Google Project Zero
CVE-2017-7066, Gal Beniamini of Google Project Zero
CVE-2017-7064, lokihardt of Google Project Zero
CVE-2017-2522, Ian Beer of Google Project Zero
CVE-2017-2523, Ian Beer of Google Project Zero
CVE-2017-7005, lokihardt of Google Project Zero
CVE-2017-2501, Ian Beer of Google Project Zero
CVE-2017-2507, Ian Beer of Google Project Zero
CVE-2017-2524, Ian Beer of Google Project Zero
CVE-2017-2504, lokihardt of Google Project Zero
CVE-2017-2505, lokihardt of Google Project Zero
CVE-2017-2515, lokihardt of Google Project Zero
CVE-2017-2521, lokihardt of Google Project Zero
CVE-2017-2531, lokihardt of Google Project Zero
CVE-2017-6980, lokihardt of Google Project Zero
CVE-2017-6984, lokihardt of Google Project Zero
CVE-2017-2549, lokihardt of Google Project Zero
CVE-2017-2514, lokihardt of Google Project Zero
CVE-2017-2547, lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro’s Zero Day Initiative
CVE-2017-2508, lokihardt of Google Project Zero
CVE-2017-2510, lokihardt of Google Project Zero
CVE-2017-2528, lokihardt of Google Project Zero
CVE-2017-6978, Ian Beer of Google Project Zero
CVE-2017-2527, Ian Beer of Google Project Zero
CVE-2017-2494, Jann Horn of Google Project Zero
CVE-2017-2509, Jann Horn of Google Project Zero
CVE-2017-2516, Jann Horn of Google Project Zero
CVE-2017-7004, Ian Beer of Google Project Zero
CVE-2017-6975, Gal Beniamini of Google Project Zero
CVE-2017-2479, lokihardt of Google Project Zero
CVE-2017-2480, lokihardt of Google Project Zero
CVE-2017-2493, lokihardt of Google Project Zero
CVE-2017-2492, lokihardt of Google Project Zero
CVE-2017-2456, lokihardt of Google Project Zero
CVE-2017-2472, Ian Beer of Google Project Zero
CVE-2017-2473, Ian Beer of Google Project Zero
CVE-2017-2474, Ian Beer of Google Project Zero
CVE-2017-2478, Ian Beer of Google Project Zero
CVE-2017-2482, Ian Beer of Google Project Zero
CVE-2017-2483, Ian Beer of Google Project Zero
CVE-2017-2490, Ian Beer of Google Project Zero, The UK’s National Cyber Security Centre (NCSC)
CVE-2017-2454, Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-2455, Ivan Fratric of Google Project Zero
CVE-2017-2459, Ivan Fratric of Google Project Zero
CVE-2017-2460, Ivan Fratric of Google Project Zero
CVE-2017-2464, Natalie Silvanovich of Google Project Zero, Jeonghoon Shin
CVE-2017-2466, Ivan Fratric of Google Project Zero
CVE-2017-2468, lokihardt of Google Project Zero
CVE-2017-2469, lokihardt of Google Project Zero
CVE-2017-2470, lokihardt of Google Project Zero
CVE-2017-2476, Ivan Fratric of Google Project Zero
CVE-2017-2367, lokihardt of Google Project Zero
CVE-2017-2445, lokihardt of Google Project Zero
CVE-2017-2446, Natalie Silvanovich of Google Project Zero
CVE-2017-2447, Natalie Silvanovich of Google Project Zero
CVE-2017-2475, lokihardt of Google Project Zero
CVE-2017-2471, Ivan Fratric of Google Project Zero
CVE-2017-2376, an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)
CVE-2017-2457, lokihardt of Google Project Zero
CVE-2017-2364, lokihardt of Google Project Zero
CVE-2017-2442, lokihardt of Google Project Zero
CVE-2017-2443, Ian Beer of Google Project Zero
CVE-2017-2489, Ian Beer of Google Project Zero
CVE-2017-2362, Ivan Fratric of Google Project Zero
CVE-2017-2373, Ivan Fratric of Google Project Zero
CVE-2017-2369, Ivan Fratric of Google Project Zero
CVE-2017-2363, lokihardt of Google Project Zero
CVE-2017-2365, lokihardt of Google Project Zero
CVE-2017-2353, Ian Beer of Google Project Zero
CVE-2017-2361, lokihardt of Google Project Zero
CVE-2017-2370, Ian Beer of Google Project Zero
CVE-2017-2360, Ian Beer of Google Project Zero
CVE-2017-2371, lokihardt of Google Project Zero
CVE-2016-7612, Ian Beer of Google Project Zero
CVE-2016-7621, Ian Beer of Google Project Zero
CVE-2016-7637, Ian Beer of Google Project Zero
CVE-2016-7644, Ian Beer of Google Project Zero
CVE-2016-7660, Ian Beer of Google Project Zero

 

关键字: Tencent, 2017 漏洞数: 42, 2016 漏洞数: 49

CVE-2017-13788, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-13790, Zhiyang Zeng (@Wester) of Tencent Security Platform Department
CVE-2017-13789, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-13801, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-7076, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7134, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7135, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7136, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7137, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7085, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-7019, Zhiyang Zeng of Tencent Security Platform Department
CVE-2017-7011, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-7016, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7033, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7015, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2517, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-2525, Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2500, Zhiyang Zeng and Yuyang Zhou of Tencent Security Platform Department
CVE-2017-2511, Zhiyang Zeng of Tencent Security Platform Department
CVE-2017-2526, Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2463, Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2379, John Villamil, Doyensec, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2417, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2487, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2406, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2407, riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2416, Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent
CVE-2017-2415, Kai Kang of Tencent’s Xuanwu Lab (tentcent.com)
CVE-2017-2376, an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)
CVE-2017-2389, ShenYeYinJiu of Tencent Security Response Center, TSRC
CVE-2017-2453, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-2378, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-2431, kimyok of Tencent Security Platform Department
CVE-2017-2425, kimyok of Tencent Security Platform Department
CVE-2017-7071, Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2354, Neymar of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2366, Kai Kang of Tencent’s Xuanwu Lab (tencent.com)
CVE-2017-2359, xisigr of Tencent’s Xuanwu Lab (tencent.com)
CVE-2016-7658, Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659, Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7595, riusksk(泉哥) of Tencent Security Platform Department
CVE-2016-4691, riusksk(泉哥) of Tencent Security Platform Department

 

关键字: 360, 2017 漏洞数: 36, 2016 漏洞数: 14

CVE-2017-13799, Lufeng Li of Qihoo 360 Vulcan Team
CVE-2017-13807, Yangkang (@dnpushme) of Qihoo 360 Qex Team
CVE-2016-4736, Proteas of Qihoo 360 Nirvan Team
CVE-2017-7092, Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team
CVE-2017-13854, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7008, Yangkang (@dnpushme) of Qihoo 360 Qex Team
CVE-2017-7009, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7069, Proteas of Qihoo 360 Nirvan Team
CVE-2017-13853, shrek_wzw from Qihoo 360 NirvanTeam
CVE-2017-7021, sss and Axis of Qihoo 360 Nirvan Team
CVE-2017-7054, Alex Plaskett of MWR InfoSecurity, Lufeng Li of Qihoo 360 Vulcan Team
CVE-2017-7014, Lee of Minionz, Axis and sss of Qihoo 360 Nirvan Team
CVE-2017-7035, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7044, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7036, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7045, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7067, shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7032, Axis and sss of Qihoo 360 Nirvan Team
CVE-2017-2502, Yangkang (@dnpushme) of Qihoo360 Qex Team
CVE-2017-2544, 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative
CVE-2017-2503, sss and Axis of 360Nirvan team
CVE-2017-2545, 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative
CVE-2017-2542, 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative
CVE-2017-2543, 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative
CVE-2017-6985, Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360
CVE-2017-2444, Mei Wang of 360 GearTeam
CVE-2017-2401, Lufeng Li of Qihoo 360 Vulcan Team
CVE-2017-2398, Lufeng Li of Qihoo 360 Vulcan Team
CVE-2017-2438, sss and Axis of 360Nirvanteam
CVE-2017-2427, Axis and sss of Qihoo 360 Nirvan Team
CVE-2017-2449, sss and Axis from 360NirvanTeam
CVE-2017-2408, Yangkang (@dnpushme) of Qihoo360 Qex Team
CVE-2017-2413, Simon Huang(@HuangShaomang) and pjf of IceSword Lab of Qihoo 360
CVE-2016-7643, Yangkang (@dnpushme) of Qihoo360 Qex Team
CVE-2016-7647, Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-7699:, Proteas of Qihoo 360 Nirvan Team

 

关键字: Baidu, 2017 漏洞数: 9, 2016 漏洞数: 2

CVE-2017-7091, Wei Yuan of Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-7096, Wei Yuan of Baidu Security Lab
CVE-2017-7104, likemeng of Baidu Secutity Lab
CVE-2017-7111, likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-7020, likemeng of Baidu Security Lab
CVE-2017-2530, Wei Yuan of Baidu Security Lab, Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-2506, Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-2454, Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-2465, Zheng Huang and Wei Yuan of Baidu Security Lab

 

关键字: Ant-financial, 2017 漏洞数: 5

CVE-2017-13803, chenqin (陈钦) of Ant-financial Light-Year Security
CVE-2017-7120, chenqin (陈钦) of Ant-financial Light-Year Security Lab
CVE-2017-7030, chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
CVE-2017-7034, chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
CVE-2017-7017, chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)

 

关键字: Alibaba, 2017 漏洞数: 2, 2016 漏洞数: 2

CVE-2017-7119, Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX
CVE-2017-7050, Min (Spark) Zheng of Alibaba Inc.

本文由360信安-涅槃团队原创发布

转载,请参考转载声明,注明出处: https://www.anquanke.com/post/id/92781

安全客 - 有思想的安全新媒体

分享到:微信
+10赞
收藏
360信安-涅槃团队
分享到:微信

发表评论

文章目录
内容需知
合作单位
  • 安全客
  • 安全客
Copyright © 北京奇虎科技有限公司 三六零数字安全科技集团有限公司 安全客 All Rights Reserved 京ICP备08010314号-66