| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <99195F4C-69EF-45F5-A7D0-9F9C92A19336@lists.apple.com> Date: Wed, 25 Mar 2020 12:51:58 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: Apple Product Security via Security-announce <security-announce@...ts.apple.com> Subject: [FD] APPLE-SA-2020-03-25-2 iCloud for Windows 7.18 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-25-2 iCloud for Windows 7.18 iCloud for Windows 7.18 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3901: Benjamin Randazzo (@____benjamin) WebKit Available for: Windows 7 and later Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-3887: Ryan Pickren (ryanpickren.com) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech WebKit Available for: Windows 7 and later Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9783: Apple WebKit Available for: Windows 7 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative WebKit Available for: Windows 7 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit) WebKit Page Loading Available for: Windows 7 and later Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com) Additional recognition WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance. Installation note: iCloud for Windows 7.18 may be obtained from: https://support.apple.com/HT204283 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDgAAoJEAc+Lhnt8tDNL3QQAIf1vJxBmTcO6/boO3107KUV g2ZHILhOrQLCX+XEehTpzBwv+7hbTIagsMEFdRHPrUZj667xtmvqmqwHb6hcBNXJ IKlh6Wvuk/X7NbEb/GktYpu7On/aWDYQBiiBuXLIEoPLjqzF6PkWDjwSeGk5EFIs 3Botsk5+OmvZy0YNI642QtsTgJrHVxMAEugtxKeBX3m/EEvvlnDGYZuddnZiSEvO tmZ3TRPqyRjGxAXz0LWXfkvtrjlt1Z0XdeX/4gvbL8Ul0oVPBfTrhnCj4oTL9vo/ vhgVw5AG+D5ST54CBdVgN1Z7Adpo0NjKZm63NSvRAtZF12XGFObfVNv0noTYjWBb zs0sUdBTfyfpvR5V7R4tALnFuXzydTEdxWaNap7qi17axsvUZrBQWU2gbKvfrBKP reD2QpV79+F4qKs4XyLpfKAoqZeXIh7qJ0EeMZzyjt45BxjWhkVj6FGavLtlEgu7 LmwMzH01LQbM527BmYTRj6ABy+gYhJhR5pjlo/ZN39GmX127vua6Itnwr2WhF7TA Ablmi9Qyg2PRFMZsKfAoHr03tL9FBoQCMpDz7vE8QdSmONnjTRoiiZsL61rZTp0c ljbtrxgrmpmIYwPQWWPUN/5uEKBVEL9dTGC5ombDfOv2opvVM4VK76eesLbv+pZW u+n+8+4YsHVXt5pLLayF =k2Yx -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists