APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

iCloud for Windows 7.11 is now available and addresses the following:

CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iTunes for Windows. This was addressed with improved state handling.
CVE-2019-6232: Stefan Kanthak (eskamation.de)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API. This
was addressed with improved input validation.
CVE-2019-8515: James Lee (@Windowsrcer)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)

Windows Installer
Available for: Windows 7 and later
Impact: Running the iCloud installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iCloud for Windows. This was addressed with improved state handling.
CVE-2019-6236: Stefan Kanthak (eskamation.de)

Additional recognition

Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.

WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.

Installation note:

iCloud for Windows 7.11 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11的更多相关文章

  1. [2019.03.25]Linux中的查找

    TMUX天下第一 全世界所有用CLI Linux的人都应该用TMUX,我爱它! ======================== 以下是正文 ======================== Linu ...

  2. Alpha冲刺(2/10)——2019.4.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Alpha冲刺(2/10)--2019.4.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪 ...

  3. Beta冲刺(4/7)——2019.5.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Beta冲刺(4/7)--2019.5.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪万里 ...

  4. [MP3]MP3固件持续分享(2019.1.25)

    转载自我的博客:https://blog.ljyngup.com/archives/179.html/ 所有的固件到我的博客就可以下载哦 最后更新于2019.2.1 前言 这篇文章会持续更新不同型号的 ...

  5. IntelliJ IDEA 2018.3.3配置 Tomcat 9,控制台出现中文乱码 “淇℃伅”(2019/01/25)

    (win10系统) 全新idea配置全新版本Tomcat突遇 “淇℃伅”,网上大部分解决方案均已失效 似乎是idea与Tomcat命令行输出格式不一致所致,千辛万苦在某一小角落发现这个方法,一针见血, ...

  6. 2019.3.25 SQL语句(进阶篇1)

    运算符 基本的加减乘除取余都可以在SQL中使用 新建Employee1表并添加数据 create table Employee1 (eid int primary key auto_increment ...

  7. 2019.2.25考试T3, 离线+线段树

    \(\color{#0066ff}{题解}\) #include<bits/stdc++.h> #define LL long long LL in() { char ch; LL x = ...

  8. Selenium对浏览器支持的版本【2019/10/25更新】

    最新的selenium与几种常用浏览器的版本兼容情况:(以下驱动,点击直接跳转官方下载地址) 尽量选择最新版本-1的浏览器,比如最新的是60,那就使用59.(建议Chrome更新至72+版本.Fire ...

  9. Alpha冲刺(3/10)——2019.4.25

    作业描述 课程 软件工程1916|W(福州大学) 团队名称 修!咻咻! 作业要求 项目Alpha冲刺(团队) 团队目标 切实可行的计算机协会维修预约平台 开发工具 Eclipse 团队信息 队员学号 ...

随机推荐

  1. 【English】20190328

    Emotions情绪 [ɪ'moʊʃənz]  Run Your Life for Teens影响你的青少年生活[ti:nz] Don't Let Your Emotions Run Your Lif ...

  2. jpa 分页

    public Page<Stability> testPager(){ Pageable pageable = new PageRequest(1, 10, Sort.Direction. ...

  3. centos7下kubernetes(18。kubernetes-健康检查)

    自愈能力是容器的重要特性.自愈的默认方式是自动重启发生故障的容器. 用户还可以通过liveness和readiness探测机制设置更精细的健康检查,进而实现: 1.零停机部署 2.避免部署无效的镜像 ...

  4. day 1总结-python基础

    第一天的复习 目录:1.编程语言的区分 2.python的优缺点 3.python环境的搭建,版本之间的大致区别 4.代码的注释规则 5.变量 6.常量 7.基本程序交互 8.基础数据类型 9.基础循 ...

  5. python基础语法、数据结构、字符编码、文件处理 练习题

    考试范围 '''1.python入门:编程语言相关概念2.python基础语法:变量.运算符.流程控制3.数据结构:数字.字符串.列表.元组.字典.集合4.字符编码5.文件处理''' 考试内容 1.简 ...

  6. 【Atcoder Grand Contest 011 F】Train Service Planning

    题意:给\(n+1\)个站\(0,\dots,n\),连续的两站\(i-1\)和\(i\)之间有一个距离\(A_i\),其是单行(\(B_i=1\))或双行(\(B_i=2\)),单行线不能同时有两辆 ...

  7. Linux内存管理 (2)页表的映射过程

    专题:Linux内存管理专题 关键词:swapper_pd_dir.ARM PGD/PTE.Linux PGD/PTE.pgd_offset_k. Linux下的页表映射分为两种,一是Linux自身的 ...

  8. svn 钩子应用 - svn 提交字符限制, 不能为空

    一.版本库钩子 1.1 start-commit  开始提交的通知 输入参数:传递给你钩子程序的命令行参数,顺序如下: 1.  版本库路径 2.  认证过的尝试提交的用户名 3.  Depth,mer ...

  9. python部署galery集群

    galery.py文件内容 import pexpect import os import configparser HOSTNAME_DB1='db1' HOSTNAME_DB2='db2' HOS ...

  10. 科大讯飞语音合成api

    import base64import jsonimport timeimport hashlibimport requests # API请求地址.API KEY.APP ID等参数,提前填好备用a ...