| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Sep 2017 11:36:19 -0700 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2017-09-25-2 iCloud for Windows 7 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-09-25-2 iCloud for Windows 7 iCloud for Windows 7 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7127: an anonymous researcher WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7081: Apple WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7087: Apple CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro’s Zero Day Initiative CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day Initiative CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro’s Zero Day Initiative CVE-2017-7096: Wei Yuan of Baidu Security Lab CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica CVE-2017-7099: Apple CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53 CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7104: likemeng of Baidu Secutity Lab CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative CVE-2017-7117: lokihardt of Google Project Zero CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security Lab WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. CVE-2017-7089: Frans Rosén of Detectify, Anton Lopanitsyn of ONSEC WebKit Available for: Windows 7 and later Impact: Cookies belonging to one origin may be sent to another origin Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. CVE-2017-7090: Apple WebKit Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: Application Cache policy may be unexpectedly applied. CVE-2017-7109: avlidienbrunn Installation note: iCloud for Windows 7 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGJFMP/0KnfKrqB1QcYuwcRJyUeM2N lM4hxp2blsaHqGxxQx0KUb07N6ALWQV2JoTyDaBUkTHmVjz0Kf0XHeCJHhd1fsw6 PEIKh2umL4jE+I+gRxGC+h3jTF2WeEw3NljLI/2r+39UXI+CN6O8OCk3tE4Zpitn 4DV21lZqoGmCha+pPIBd3y4YnrhWNGbV6Pf315GF7dz7qmSFLKSuoVNRDcdLY4p3 LJr6U65nbjkAwgIwPDE35JEbxdU8bL09mJ3P9V9/pBX7cp7llS24hTLyaUjd2mj9 HFVDW41STPL4CThJ/IQgYt3pLsnNG3oRRYHNQZkHTx31eCiZ0Y80WpizEFHFm67Q UjXOV55Ee+f+IRuaKNqSpx5jDly+G0D0W2QijaZcGttl1H4xI/sCNNcUC+IuME/g /L3MgnhymSmZx4FtLIhHGqxBZGCdgDN5d7NswEoaoqvKLeIey3SngI+WJ8FTX5op mcaMQiELP1FoIjC8525t3vKc38xWH+Juep2W42Tut3WI0E5oafrJls/A7nDRvleV IWxYB+qV3L9r9BwAWiLX9IUOwR11qmPcBwiTvBFhAnH5YrqWuWsDDYqWFAl8gvut SFGkWpzgPfhRbXWQQrWfxUH4LLAVxUp1i60XT98OqNkbpWVl6eeL6Wk+BlLKMO3k T6H6avzc1J+JDpLWQ7Yc =NU3/ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists