APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

iCloud for Windows 7.11 is now available and addresses the following:

CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iTunes for Windows. This was addressed with improved state handling.
CVE-2019-6232: Stefan Kanthak (eskamation.de)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API. This
was addressed with improved input validation.
CVE-2019-8515: James Lee (@Windowsrcer)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)

Windows Installer
Available for: Windows 7 and later
Impact: Running the iCloud installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iCloud for Windows. This was addressed with improved state handling.
CVE-2019-6236: Stefan Kanthak (eskamation.de)

Additional recognition

Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.

WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.

Installation note:

iCloud for Windows 7.11 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11的更多相关文章

  1. [2019.03.25]Linux中的查找

    TMUX天下第一 全世界所有用CLI Linux的人都应该用TMUX,我爱它! ======================== 以下是正文 ======================== Linu ...

  2. Alpha冲刺(2/10)——2019.4.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Alpha冲刺(2/10)--2019.4.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪 ...

  3. Beta冲刺(4/7)——2019.5.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Beta冲刺(4/7)--2019.5.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪万里 ...

  4. [MP3]MP3固件持续分享(2019.1.25)

    转载自我的博客:https://blog.ljyngup.com/archives/179.html/ 所有的固件到我的博客就可以下载哦 最后更新于2019.2.1 前言 这篇文章会持续更新不同型号的 ...

  5. IntelliJ IDEA 2018.3.3配置 Tomcat 9,控制台出现中文乱码 “淇℃伅”(2019/01/25)

    (win10系统) 全新idea配置全新版本Tomcat突遇 “淇℃伅”,网上大部分解决方案均已失效 似乎是idea与Tomcat命令行输出格式不一致所致,千辛万苦在某一小角落发现这个方法,一针见血, ...

  6. 2019.3.25 SQL语句(进阶篇1)

    运算符 基本的加减乘除取余都可以在SQL中使用 新建Employee1表并添加数据 create table Employee1 (eid int primary key auto_increment ...

  7. 2019.2.25考试T3, 离线+线段树

    \(\color{#0066ff}{题解}\) #include<bits/stdc++.h> #define LL long long LL in() { char ch; LL x = ...

  8. Selenium对浏览器支持的版本【2019/10/25更新】

    最新的selenium与几种常用浏览器的版本兼容情况:(以下驱动,点击直接跳转官方下载地址) 尽量选择最新版本-1的浏览器,比如最新的是60,那就使用59.(建议Chrome更新至72+版本.Fire ...

  9. Alpha冲刺(3/10)——2019.4.25

    作业描述 课程 软件工程1916|W(福州大学) 团队名称 修!咻咻! 作业要求 项目Alpha冲刺(团队) 团队目标 切实可行的计算机协会维修预约平台 开发工具 Eclipse 团队信息 队员学号 ...

随机推荐

  1. 第一节 anaconda+jupyter+numpy简单使用

    数据分析:是把隐藏在一些看似杂乱无章的数据背后的信息提炼出来,总结出所研究对象的内在规律 数据分析三剑客:Numpy,Pandas,Matplotlib 一 Anaconda 1 下载 官网:http ...

  2. 前端学习-基础部分-css(一)

    开始今日份整理 1.CSS的导入方式 CSS的导入方式主要是有内联模式,行内模式,外部样式表 1.1 内联模式 内联模式:直接在<head>中直接写css,例如 p{ color:rgb( ...

  3. 20145203盖泽双《网络对抗技术》拓展:注入:shellcode及return-into-libc攻击

    20145203盖泽双<网络对抗技术>拓展:注入:shellcode及return-into-libc攻击 一.注入:shellcode 1.编写一段用于获取Shellcode的C语言代码 ...

  4. .Net Core HttpClient 忽略https证书提醒

    在测试中经常会遇到请求一些https的url,但又没有本地证书,这时候可以用下面的方法忽略警告 var httpclientHandler = new HttpClientHandler(); htt ...

  5. JQuery 获取select 的value值和文本值

    <select name="month" id="selMonth">    <option value="1">一 ...

  6. 控制结构(6): 最近最少使用(LRU)

    // 上一篇:必经之地(using) // 下一篇:程序计数器(PC) 基于语言提供的基本控制结构,更好地组织和表达程序,需要良好的控制结构. There are only two hard thin ...

  7. Linux命令(五)创建文件或修改文件时间 touch

    Linux中 touch 命令可以改变文档或目录时间, 包括存取时间或更改时间, 也可以用于创建新文件. 命令格式: touch [选项] [参数] 选项: -a   只更改文件的读取时间. -m   ...

  8. 洛谷 P1443 马的遍历

    终于遇到一个简单纯粹一点的bfs了...... 题目链接:https://www.luogu.org/problemnew/show/P1443 题目是求到达一个点的最短步数 也就是说我只要bfs遍历 ...

  9. Python 离线 安装requests第三方库

    一.介绍 requests是Python的一个HTTP客户端库,跟urllib,urllib2类似,不过requests的优势在于使用简单,相同一个功能,用requests实现起来代码量要少很多.毕竟 ...

  10. [模板] 笛卡尔树 && RMQ

    话说我noip之前为什么要学这种东西... 简介 笛卡尔树(Cartesian Tree) 是一种二叉树, 且同时具有以下两种性质: 父亲节点的值大于/小于子节点的值; 中序遍历的结果为原序列. 笛卡 ...