lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 25 Sep 2017 11:36:19 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2017-09-25-2 iCloud for Windows 7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-09-25-2 iCloud for Windows 7

iCloud for Windows 7 is now available and addresses the following:

SQLite
Available for:  Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7081: Apple

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7087: Apple
CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend
Micro’s Zero Day Initiative
CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend
Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360
Vulcan Team
CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend
Micro’s Zero Day Initiative
CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group
CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University working with Trend Micro’s Zero Day
Initiative
CVE-2017-7096: Wei Yuan of Baidu Security Lab
CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica
CVE-2017-7099: Apple
CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53
CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7104: likemeng of Baidu Secutity Lab
CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com)
working with Trend Micro's Zero Day Initiative
CVE-2017-7117: lokihardt of Google Project Zero
CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security
Lab

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of the parent-tab.
This issue was addressed with improved state management.
CVE-2017-7089: Frans Rosén of Detectify, Anton Lopanitsyn of ONSEC

WebKit
Available for:  Windows 7 and later
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed by no longer returning
cookies for custom URL schemes.
CVE-2017-7090: Apple

WebKit
Available for:  Windows 7 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: Application Cache policy may be unexpectedly applied.
CVE-2017-7109: avlidienbrunn

Installation note:

iCloud for Windows 7 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGJFMP/0KnfKrqB1QcYuwcRJyUeM2N
lM4hxp2blsaHqGxxQx0KUb07N6ALWQV2JoTyDaBUkTHmVjz0Kf0XHeCJHhd1fsw6
PEIKh2umL4jE+I+gRxGC+h3jTF2WeEw3NljLI/2r+39UXI+CN6O8OCk3tE4Zpitn
4DV21lZqoGmCha+pPIBd3y4YnrhWNGbV6Pf315GF7dz7qmSFLKSuoVNRDcdLY4p3
LJr6U65nbjkAwgIwPDE35JEbxdU8bL09mJ3P9V9/pBX7cp7llS24hTLyaUjd2mj9
HFVDW41STPL4CThJ/IQgYt3pLsnNG3oRRYHNQZkHTx31eCiZ0Y80WpizEFHFm67Q
UjXOV55Ee+f+IRuaKNqSpx5jDly+G0D0W2QijaZcGttl1H4xI/sCNNcUC+IuME/g
/L3MgnhymSmZx4FtLIhHGqxBZGCdgDN5d7NswEoaoqvKLeIey3SngI+WJ8FTX5op
mcaMQiELP1FoIjC8525t3vKc38xWH+Juep2W42Tut3WI0E5oafrJls/A7nDRvleV
IWxYB+qV3L9r9BwAWiLX9IUOwR11qmPcBwiTvBFhAnH5YrqWuWsDDYqWFAl8gvut
SFGkWpzgPfhRbXWQQrWfxUH4LLAVxUp1i60XT98OqNkbpWVl6eeL6Wk+BlLKMO3k
T6H6avzc1J+JDpLWQ7Yc
=NU3/
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists