近日,水木羽林团队发现Apple官方出品的Safari浏览器中存在高危安全漏洞,漏洞类型为堆缓冲区溢出,目前该漏洞已提交给Apple官方进行确认并修复,编号为CVE-2021-30889。经Apple官方披露,该漏洞可能导致任意代码执行,影响所有Apple主流产品,包括:
- MacOS[Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)]
- iOS and iPadOS[iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)]
- watchOS [Apple Watch Series 3 and later]
- tvOS[Apple TV 4K and Apple TV HD]
官方在最新的上述操作系统的Security Update中已经向团队进行致谢,详情如下:
网址:https://support.apple.com/zh-cn/HT212867
网址:https://support.apple.com/zh-cn/HT212869
网址 :https://support.apple.com/zh-cn/HT212876
网址:https://support.apple.com/zh-cn/HT212874
后续,水木羽林团队将持续关注基础软件安全。