| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Jul 2017 12:34:10 -0700 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2 iCloud for Windows 6.2.2 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7010: Apple CVE-2017-7013: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7018: lokihardt of Google Project Zero CVE-2017-7020: likemeng of Baidu Security Lab CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-7037: lokihardt of Google Project Zero CVE-2017-7039: Ivan Fratric of Google Project Zero CVE-2017-7040: Ivan Fratric of Google Project Zero CVE-2017-7041: Ivan Fratric of Google Project Zero CVE-2017-7042: Ivan Fratric of Google Project Zero CVE-2017-7043: Ivan Fratric of Google Project Zero CVE-2017-7046: Ivan Fratric of Google Project Zero CVE-2017-7048: Ivan Fratric of Google Project Zero CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative CVE-2017-7055: The UK's National Cyber Security Centre (NCSC) CVE-2017-7056: lokihardt of Google Project Zero CVE-2017-7061: lokihardt of Google Project Zero WebKit Available for: Windows 7 and later Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2017-7064: lokihardt of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-7049: Ivan Fratric of Google Project Zero WebKit Page Loading Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department WebKit Web Inspector Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7012: Apple Installation note: iCloud for Windows 6.2.2 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZb5VTAAoJEIOj74w0bLRG9dEP/396jAX5bECv18jTV99YM0Gy Ji25sCWWy8OqUJoertlJ1uy8GPIphNqhbRA6F6QGgyMLAPjpEco/WkeMmozpwE9f got8C5sI2eg7t52jk5pn5NJLYKCqUieMUtFbGIJ6lNCfpUl/vcc+Er5cTU+do3nY d7DP5dZgqFUI8NKi3SZAyRvf7AHOCZrGchl7Wql66aC4org5O0H9jgrolzifnn2S 73e6DIGWDtAiRGCvks5hVTi5pTf+gfEG9Oc1n9HH7UoqKha8qZxkkbP5aDdM+8Er FQDH2xOXNng8nDqDOCvInfOMYPdD6+Vn2zJkzTC/Pg2aaZWBEz79IEMH4eeLPW0c 2Sr7JDgmkFw787Dk8U6fqQzeBVvCBR2JF31ra1gG8Qb8rt7rBVdLvD6/VCjsflDx A644GnZ8TsMF3g+qqUXgLDM684/1FW+ZVsm2AES6cdBiWm1H+sKxCOhOiPcoxwCm cEBFWcZYDIPQ1eb+RPIWYa3QaarBwmTNXeEIxBMFDB7KOAXYuM1M+YdsjRVMMuR/ XYK35D9VAYrtD2FCPJR7KXk3cd8Ryp6cQwaoD7y+aEH++c4UzL1eaZ4SvVvsvYg2 A1wOnasN5XU3aZkqGFQNCHkDMQVCMWqhM8BQqC6jAGVf5r0LTs21BQb0eXlfvX81 jJuXbef9tR1yzYvHNWkK =RJAg -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists