lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <48EA86FB-5D9A-4922-90A6-74FCA5BF533C@lists.apple.com>
Date: Tue, 28 Mar 2017 15:47:50 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

iCloud for Windows 6.2 is now available and addresses the following:

APNs Server
Available for:  Windows 7 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University Munich (TUM)

libxslt
Available for:  Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-5029: Holger Fuhrmannek

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab
(tencent.com) working with Trend Micro's Zero Day Initiative

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in element handling. This
issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero

Installation note:

iCloud for Windows 6.2 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGjG0QAIcKPrg0HmHcv27Zl70Bt8qi
WRTANu+nbu0QjwaAwLZlOnS9d/XKfA2fkStlUnUzlJHXvF+KY+F6AN0vGQZ158ZU
gqdZZmhtEl1WZa8a1yr2t83RC/Q+NsU/Ai9W1zoLAw8LU7eRbt+sNvR3Bx7RhXYH
A68aKe7+AMuv7yuxKeaHtwox45yj4tEHtoURZkAZdsPcdV+k6UEdVf9lnaIaGqDb
E21+clnkc58uQ57UAtVcEzM9XFXdzfy7Y6nYpALXGCVNt79oSfByAZ2qvDu0auRx
rCc8s4O2K044bpaetkMJgAA2MmaeUO0ZVLeSW+8t+7w4Qyik6lsxIhJPjZ3qYXaa
Wb8WfJgj0Dl7s7Wvgozc8wA+eVaksaz2Y8SPM4I75h5+IT1ZHdswdSIMAFC3lsCs
RmSHA8P3SBOsfoWQ3Aa8dXsmaO6Cp+5A+lP8MEdQptBHKhR8z0MWqpkI2taJqof+
3DcDL7+ZQklk0EzlrGcNI+ygbHyx1TJqRLHD7aB40DwmFAy41kBHkR4nmnQ/kcoF
WZVwa6WsWDNg6z4823pUTZTSuKvK7vEQeXZnIj9m/SAJgrGQUGJ2cbybgep5iNWk
zmQwxAR7uuDwD6fEtXHhAULNKGtvfOOomvQypafsIh75lGKZ1SnCojEv7bqF9UXU
xCLGJWVtI1fBZbzME47M
=w8Kd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ