iOS 9.2 released, 360 found 5 security vulnerabilities and was thanked

iOS 9.2 released, 360 found 5 security vulnerabilities and was thanked

On December 9, Beijing time, Apple released the official version of iOS 9.2. This upgrade improved the functions of applications such as Apple Music, News, iBooks, Podcasts, etc. In addition, Apple fixed multiple security vulnerabilities in iOS and Xcode. The five vulnerabilities submitted by the 360 ​​Security Team were also confirmed and fixed, and Apple publicly thanked them.

Figure 1: Three vulnerabilities discovered by 360Vulcan Team have been fixed

The official version of iOS 9.2 pushed by Apple this time fixes three iOS kernel vulnerabilities discovered and submitted by 360Vulcan Team, numbered CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

According to Zheng Wenbin, head of the Vulcan Team, these three vulnerabilities are security vulnerabilities in the kernel of Apple's iOS operating system. Malicious apps or apps with vulnerabilities may use these vulnerabilities to break through the iOS sandbox, attack or enter the Apple system kernel, causing the user's mobile phone and other devices to restart or the data and applications in the mobile phone to be controlled. The vulnerability affects Apple operating systems of iOS 9.1 and lower versions, including iPhone, iPad, Apple touch and other devices.

Figure 2: Two vulnerabilities found by 360Nirvan Team were fixed

In addition, in the Xcode 7.2 security report released by Apple at the same time, two security vulnerabilities discovered by the 360 ​​Nirvan Team were confirmed and thanked.

The two vulnerabilities, numbered CVE-2015-7049 and CVE-2015-7057, are memory corruption vulnerabilities in the otool program (reverse analysis tool), affecting Mac OS X Yosemite operating system v10.10.5 or later. Nirvan Team leader Gao Xuefeng said that the existence of the vulnerability can cause local arbitrary code execution or DoS, which can attack people who use the tool.

360Nirvan Team is a young security research team under 360 company that specializes in iOS security research. In one year, it has obtained 4 vulnerabilities from Apple. In the recent XCode malicious code infection incident, 360Nirvan Team was the first in the world to publish the most comprehensive list of infected apps.

For security vendors, quickly discovering and responding to vulnerabilities is an essential foundation for improving protection capabilities. In addition to Apple, 360 has received many thanks from giants such as Microsoft, Google, and Adobe for discovering and assisting in fixing vulnerabilities. 360's vulnerability research capabilities have ranked first in the global security industry.

<<:  8 App Rapid Development Tools That Developers Must Know

>>:  Essential knowledge for Android development: I have a date with Gradle

Recommend

Collection | 20 niche and practical new media tools

Tool quotient, which is the ability to use variou...

This mushroom that grows on poop, you often use it to make soup!!!

Mushrooms grow on poop Pickled pepper chicken fee...

Wanmen University - Python programming basics for beginners fun practical course

Baidu Netdisk download location: r-67-Wanmen Univ...

Shenzhou Special Car "bites" Uber: guessed the beginning but not the end

In order to make the headlines, Shenzhou Special ...

How to establish a user perspective? Use the 7-step analysis method!

What is the user perspective? This is actually a ...

Wild rabbits are a disaster in Australia, and Sichuan people are very "anxious"

Audit expert: Ran Hao Well-known science writer W...

There are also auroras on Mercury, but they haven’t emitted light yet!

Produced by: Science Popularization China Author:...

Are beverages healthy if they use sugar substitutes?

When it comes to sweet things, the first thing th...