APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

iCloud for Windows 7.11 is now available and addresses the following:

CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iTunes for Windows. This was addressed with improved state handling.
CVE-2019-6232: Stefan Kanthak (eskamation.de)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API. This
was addressed with improved input validation.
CVE-2019-8515: James Lee (@Windowsrcer)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)

Windows Installer
Available for: Windows 7 and later
Impact: Running the iCloud installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iCloud for Windows. This was addressed with improved state handling.
CVE-2019-6236: Stefan Kanthak (eskamation.de)

Additional recognition

Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.

WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.

Installation note:

iCloud for Windows 7.11 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11的更多相关文章

  1. [2019.03.25]Linux中的查找

    TMUX天下第一 全世界所有用CLI Linux的人都应该用TMUX,我爱它! ======================== 以下是正文 ======================== Linu ...

  2. Alpha冲刺(2/10)——2019.4.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Alpha冲刺(2/10)--2019.4.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪 ...

  3. Beta冲刺(4/7)——2019.5.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Beta冲刺(4/7)--2019.5.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪万里 ...

  4. [MP3]MP3固件持续分享(2019.1.25)

    转载自我的博客:https://blog.ljyngup.com/archives/179.html/ 所有的固件到我的博客就可以下载哦 最后更新于2019.2.1 前言 这篇文章会持续更新不同型号的 ...

  5. IntelliJ IDEA 2018.3.3配置 Tomcat 9,控制台出现中文乱码 “淇℃伅”(2019/01/25)

    (win10系统) 全新idea配置全新版本Tomcat突遇 “淇℃伅”,网上大部分解决方案均已失效 似乎是idea与Tomcat命令行输出格式不一致所致,千辛万苦在某一小角落发现这个方法,一针见血, ...

  6. 2019.3.25 SQL语句(进阶篇1)

    运算符 基本的加减乘除取余都可以在SQL中使用 新建Employee1表并添加数据 create table Employee1 (eid int primary key auto_increment ...

  7. 2019.2.25考试T3, 离线+线段树

    \(\color{#0066ff}{题解}\) #include<bits/stdc++.h> #define LL long long LL in() { char ch; LL x = ...

  8. Selenium对浏览器支持的版本【2019/10/25更新】

    最新的selenium与几种常用浏览器的版本兼容情况:(以下驱动,点击直接跳转官方下载地址) 尽量选择最新版本-1的浏览器,比如最新的是60,那就使用59.(建议Chrome更新至72+版本.Fire ...

  9. Alpha冲刺(3/10)——2019.4.25

    作业描述 课程 软件工程1916|W(福州大学) 团队名称 修!咻咻! 作业要求 项目Alpha冲刺(团队) 团队目标 切实可行的计算机协会维修预约平台 开发工具 Eclipse 团队信息 队员学号 ...

随机推荐

  1. Redis数据持久化、数据备份、数据的故障恢复

    1.redis持久化的意义----redis故障恢复 在实际的生产环境中,很可能会遇到redis突然挂掉的情况,比如redis的进程死掉了.电缆被施工队挖了(支付宝例子)等等,总之一定会遇到各种奇葩的 ...

  2. day03(变量,常量,输入输出,注释,基本数据类型,运算符)

    一,复习 ''' 1.语言的分类 -- 机器语言:直接编写0,1指令,直接能被硬件执行 -- 汇编语言:编写助记符(与指令的对应关系),找到对应的指令直接交给硬件执行 -- 高级语言:编写人能识别的字 ...

  3. 算法笔记-状压dp

    状压dp 就是把状态压缩的dp 这样还是一种暴力但相对于纯暴力还是优雅的多. 实际上dp就是经过优化的暴力罢了 首先要了解位运算 给个链接吧 [https://blog.csdn.net/u01337 ...

  4. fisher线性判别

    fisher 判决方式是监督学习,在新样本加入之前,已经有了原样本. 原样本是训练集,训练的目的是要分类,也就是要找到分类线.一刀砍成两半! 当样本集确定的时候,分类的关键就在于如何砍下这一刀! 若以 ...

  5. 【学习总结】GirlsInAI ML-diary day-13-Try/Except 异常处理

    [学习总结]GirlsInAI ML-diary 总 原博github链接-day13 认识异常处理 要点小结: try和except是同个等级,注意对齐和缩进 可以把try和except直接理解成另 ...

  6. 【翻译】IdentityServer4:基于资源的配置

    这篇文章基于https://leastprivilege.com/2016/12/01/new-in-identityserver4-resource-based-configuration/进行翻译 ...

  7. matplotlib使用

    import numpy as np import matplotlib.pyplot as plt 生成数据 mean1=[5,5] cov1=[[1,1],[1,1.5]] data=np.ran ...

  8. springdata find立即加载 get延迟加载 get返回的是一个动态代理对象 特点是 用的时候才会查询 否则不查询

  9. CF95C Volleyball

    题意翻译 给出一个图,双向边,边上有权值代表路的距离,然后每个点上有两个值,t,c,t代表能从这个点最远沿边走t,且不能在半路下来,花费是c 现在告诉你起点终点,问最少的花费 点个数1000,边个数1 ...

  10. Django------多表操作

    一. 创建模型 实例:我们来假定下面这些概念,字段和关系 作者模型:一个作者有姓名和年龄. 作者详细模型:把作者的详情放到详情表,包含生日,手机号,家庭住址等信息.作者详情模型和作者模型之间是一对一的 ...