zoukankan      html  css  js  c++  java
  • APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

    APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

    iCloud for Windows 7.11 is now available and addresses the following:

    CoreCrypto
    Available for: Windows 7 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A buffer overflow was addressed with improved bounds
    checking.
    CVE-2019-8542: an anonymous researcher

    iTunes
    Available for: Windows 7 and later
    Impact: Running the iTunes installer in an untrusted directory may
    result in arbitrary code execution
    Description: A race condition existed during the installation of
    iTunes for Windows. This was addressed with improved state handling.
    CVE-2019-6232: Stefan Kanthak (eskamation.de)

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A type confusion issue was addressed with improved
    memory handling.
    CVE-2019-8506: Samuel Groß of Google Project Zero

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    state management.
    CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.
    CVE-2019-6201: dwfault working with ADLab of Venustech
    CVE-2019-8518: Samuel Groß of Google Project Zero
    CVE-2019-8523: Apple
    CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
    CVE-2019-8558: Samuel Groß of Google Project Zero
    CVE-2019-8559: Apple
    CVE-2019-8563: Apple

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may disclose
    sensitive user information
    Description: A cross-origin issue existed with the fetch API. This
    was addressed with improved input validation.
    CVE-2019-8515: James Lee (@Windowsrcer)

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    memory handling.
    CVE-2019-8536: Apple
    CVE-2019-8544: an anonymous researcher

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A use after free issue was addressed with improved
    memory management.
    CVE-2019-7285: dwfault working at ADLab of Venustech
    CVE-2019-8556: Apple

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory
    Description: A validation issue was addressed with improved logic.
    CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

    WebKit
    Available for: Windows 7 and later
    Impact: A malicious website may be able to execute scripts in the
    context of another website
    Description: A logic issue was addressed with improved validation.
    CVE-2019-8503: Linus Särud of Detectify

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting
    Description: A logic issue was addressed with improved validation.
    CVE-2019-8551: Ryan Pickren (ryanpickren.com)

    Windows Installer
    Available for: Windows 7 and later
    Impact: Running the iCloud installer in an untrusted directory may
    result in arbitrary code execution
    Description: A race condition existed during the installation of
    iCloud for Windows. This was addressed with improved state handling.
    CVE-2019-6236: Stefan Kanthak (eskamation.de)

    Additional recognition

    Safari
    We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
    (payatu.com) for their assistance.

    WebKit
    We would like to acknowledge Andrey Kovalev of Yandex Security Team
    for their assistance.

    Installation note:

    iCloud for Windows 7.11 may be obtained from:
    https://support.apple.com/HT204283

    Information will also be posted to the Apple Security Updates
    web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key,
    and details are available at:
    https://www.apple.com/support/security/pgp/

  • 相关阅读:
    QPS、PV和需要部署机器数量计算公式
    libevent 源码深度剖析十三
    libevent源码深度剖析十二
    libevent源码深度剖析十一
    libevent源码深度剖析十
    libevent源码深度剖析九
    libevent源码深度剖析八
    ADO.NET入门教程(三) 连接字符串,你小觑了吗?
    配置文件的使用,如果要跨平台,建议直接用 xml, json, ini 或者本文档,看自己方便
    firemonkey 去掉ios 虚拟键盘上的‘done’toolbar
  • 原文地址:https://www.cnblogs.com/iAmSoScArEd/p/10604142.html
Copyright © 2011-2022 走看看