Group Member Discovers Safari Vulnerability and Receives Official Acknowledgement from Apple


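Recently, Zhou Chijin, a graduate student in the Software System Security Assurance Group at the School of Software, Tsinghua University, discovered a heap buffer overflow vulnerability in Safari. The vulnerability has been submitted to Apple for confirmation and remediation, and has been assigned the identifier CVE-2021-30889. According to Apple's disclosure, the vulnerability may lead to arbitrary code execution and affects all mainstream Apple products, including: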

macOS [Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)]

iOS and iPadOS [iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)]

watchOS [Apple Watch Series 3 and later]

tvOS [Apple TV 4K and Apple TV HD]

 

Apple has acknowledged the team member in the latest Security Updates for the operating systems listed above. The relevant links are as follows:

https://support.apple.com/zh-cn/HT212876

https://support.apple.com/zh-cn/HT212867

https://support.apple.com/zh-cn/HT212874

https://support.apple.com/zh-cn/HT212869