On December 9, Beijing time, Apple released the official version of iOS 9.2. This upgrade improved the functions of applications such as Apple Music, News, iBooks, Podcasts, etc. In addition, Apple fixed multiple security vulnerabilities in iOS and Xcode. The five vulnerabilities submitted by the 360 Security Team were also confirmed and fixed, and Apple publicly thanked them. Figure 1: Three vulnerabilities discovered by 360Vulcan Team have been fixed The official version of iOS 9.2 pushed by Apple this time fixes three iOS kernel vulnerabilities discovered and submitted by 360Vulcan Team, numbered CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042. According to Zheng Wenbin, head of the Vulcan Team, these three vulnerabilities are security vulnerabilities in the kernel of Apple's iOS operating system. Malicious apps or apps with vulnerabilities may use these vulnerabilities to break through the iOS sandbox, attack or enter the Apple system kernel, causing the user's mobile phone and other devices to restart or the data and applications in the mobile phone to be controlled. The vulnerability affects Apple operating systems of iOS 9.1 and lower versions, including iPhone, iPad, Apple touch and other devices. Figure 2: Two vulnerabilities found by 360Nirvan Team were fixed In addition, in the Xcode 7.2 security report released by Apple at the same time, two security vulnerabilities discovered by the 360 Nirvan Team were confirmed and thanked. The two vulnerabilities, numbered CVE-2015-7049 and CVE-2015-7057, are memory corruption vulnerabilities in the otool program (reverse analysis tool), affecting Mac OS X Yosemite operating system v10.10.5 or later. Nirvan Team leader Gao Xuefeng said that the existence of the vulnerability can cause local arbitrary code execution or DoS, which can attack people who use the tool. 360Nirvan Team is a young security research team under 360 company that specializes in iOS security research. In one year, it has obtained 4 vulnerabilities from Apple. In the recent XCode malicious code infection incident, 360Nirvan Team was the first in the world to publish the most comprehensive list of infected apps. For security vendors, quickly discovering and responding to vulnerabilities is an essential foundation for improving protection capabilities. In addition to Apple, 360 has received many thanks from giants such as Microsoft, Google, and Adobe for discovering and assisting in fixing vulnerabilities. 360's vulnerability research capabilities have ranked first in the global security industry. |
<<: 8 App Rapid Development Tools That Developers Must Know
>>: Essential knowledge for Android development: I have a date with Gradle
Tool quotient, which is the ability to use variou...
Mushrooms grow on poop Pickled pepper chicken fee...
Baidu Netdisk download location: r-67-Wanmen Univ...
In order to make the headlines, Shenzhou Special ...
The Qingming Festival is approaching. Tomb sweepin...
What is the user perspective? This is actually a ...
Audit expert: Ran Hao Well-known science writer W...
With the development of society, the growth momen...
Produced by: Science Popularization China Author:...
1. Changan Automobile plans to increase its layou...
Autonomous driving is not something that is out o...
When it comes to sweet things, the first thing th...
Let me share a new term, the HOOKED addiction mod...
With the continuous improvement of the rule of law...