lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <0D81360C-32B3-4332-BC97-30195A857AE5@lists.apple.com>
Date: Wed, 19 Jul 2017 12:34:10 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

iCloud for Windows 6.2.2 is now available and addresses the
following:

libxml2
Available for:  Windows 7 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7010: Apple
CVE-2017-7013: found by OSS-Fuzz

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7018: lokihardt of Google Project Zero
CVE-2017-7020: likemeng of Baidu Security Lab
CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab
(蚂蚁金服巴斯光年安全实验室)
CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab
(蚂蚁金服巴斯光年安全实验室)
CVE-2017-7037: lokihardt of Google Project Zero
CVE-2017-7039: Ivan Fratric of Google Project Zero
CVE-2017-7040: Ivan Fratric of Google Project Zero
CVE-2017-7041: Ivan Fratric of Google Project Zero
CVE-2017-7042: Ivan Fratric of Google Project Zero
CVE-2017-7043: Ivan Fratric of Google Project Zero
CVE-2017-7046: Ivan Fratric of Google Project Zero
CVE-2017-7048: Ivan Fratric of Google Project Zero
CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
CVE-2017-7056: lokihardt of Google Project Zero
CVE-2017-7061: lokihardt of Google Project Zero

WebKit
Available for:  Windows 7 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-7064: lokihardt of Google Project Zero

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-7049: Ivan Fratric of Google Project Zero

WebKit Page Loading
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department

WebKit Web Inspector
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7012: Apple

Installation note:

iCloud for Windows 6.2.2 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VTAAoJEIOj74w0bLRG9dEP/396jAX5bECv18jTV99YM0Gy
Ji25sCWWy8OqUJoertlJ1uy8GPIphNqhbRA6F6QGgyMLAPjpEco/WkeMmozpwE9f
got8C5sI2eg7t52jk5pn5NJLYKCqUieMUtFbGIJ6lNCfpUl/vcc+Er5cTU+do3nY
d7DP5dZgqFUI8NKi3SZAyRvf7AHOCZrGchl7Wql66aC4org5O0H9jgrolzifnn2S
73e6DIGWDtAiRGCvks5hVTi5pTf+gfEG9Oc1n9HH7UoqKha8qZxkkbP5aDdM+8Er
FQDH2xOXNng8nDqDOCvInfOMYPdD6+Vn2zJkzTC/Pg2aaZWBEz79IEMH4eeLPW0c
2Sr7JDgmkFw787Dk8U6fqQzeBVvCBR2JF31ra1gG8Qb8rt7rBVdLvD6/VCjsflDx
A644GnZ8TsMF3g+qqUXgLDM684/1FW+ZVsm2AES6cdBiWm1H+sKxCOhOiPcoxwCm
cEBFWcZYDIPQ1eb+RPIWYa3QaarBwmTNXeEIxBMFDB7KOAXYuM1M+YdsjRVMMuR/
XYK35D9VAYrtD2FCPJR7KXk3cd8Ryp6cQwaoD7y+aEH++c4UzL1eaZ4SvVvsvYg2
A1wOnasN5XU3aZkqGFQNCHkDMQVCMWqhM8BQqC6jAGVf5r0LTs21BQb0eXlfvX81
jJuXbef9tR1yzYvHNWkK
=RJAg
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ