zoukankan      html  css  js  c++  java
  • APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

    APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

    iCloud for Windows 7.11 is now available and addresses the following:

    CoreCrypto
    Available for: Windows 7 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A buffer overflow was addressed with improved bounds
    checking.
    CVE-2019-8542: an anonymous researcher

    iTunes
    Available for: Windows 7 and later
    Impact: Running the iTunes installer in an untrusted directory may
    result in arbitrary code execution
    Description: A race condition existed during the installation of
    iTunes for Windows. This was addressed with improved state handling.
    CVE-2019-6232: Stefan Kanthak (eskamation.de)

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A type confusion issue was addressed with improved
    memory handling.
    CVE-2019-8506: Samuel Groß of Google Project Zero

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    state management.
    CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.
    CVE-2019-6201: dwfault working with ADLab of Venustech
    CVE-2019-8518: Samuel Groß of Google Project Zero
    CVE-2019-8523: Apple
    CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
    CVE-2019-8558: Samuel Groß of Google Project Zero
    CVE-2019-8559: Apple
    CVE-2019-8563: Apple

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may disclose
    sensitive user information
    Description: A cross-origin issue existed with the fetch API. This
    was addressed with improved input validation.
    CVE-2019-8515: James Lee (@Windowsrcer)

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    memory handling.
    CVE-2019-8536: Apple
    CVE-2019-8544: an anonymous researcher

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A use after free issue was addressed with improved
    memory management.
    CVE-2019-7285: dwfault working at ADLab of Venustech
    CVE-2019-8556: Apple

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory
    Description: A validation issue was addressed with improved logic.
    CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

    WebKit
    Available for: Windows 7 and later
    Impact: A malicious website may be able to execute scripts in the
    context of another website
    Description: A logic issue was addressed with improved validation.
    CVE-2019-8503: Linus Särud of Detectify

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting
    Description: A logic issue was addressed with improved validation.
    CVE-2019-8551: Ryan Pickren (ryanpickren.com)

    Windows Installer
    Available for: Windows 7 and later
    Impact: Running the iCloud installer in an untrusted directory may
    result in arbitrary code execution
    Description: A race condition existed during the installation of
    iCloud for Windows. This was addressed with improved state handling.
    CVE-2019-6236: Stefan Kanthak (eskamation.de)

    Additional recognition

    Safari
    We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
    (payatu.com) for their assistance.

    WebKit
    We would like to acknowledge Andrey Kovalev of Yandex Security Team
    for their assistance.

    Installation note:

    iCloud for Windows 7.11 may be obtained from:
    https://support.apple.com/HT204283

    Information will also be posted to the Apple Security Updates
    web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key,
    and details are available at:
    https://www.apple.com/support/security/pgp/

  • 相关阅读:
    pytest: error: unrecognized arguments: --html=report.html
    运行pytest报错“PytestUnknownMarkWarning: Unknown pytest.mark.***
    SQL启动代理服务-自动备份的前提
    SQL Server数据库每日自动备份作业操作步骤(转载)
    c#播放声音文件(转载)
    使用Office组件导出Excel表格
    四舍五入保留小数问题
    List数据集按对象某个属性排序
    C# 创建Windows Service(Windows服务)程序
    WebService下实现大数据量的传输(转载)
  • 原文地址:https://www.cnblogs.com/iAmSoScArEd/p/10604142.html
Copyright © 2011-2022 走看看