| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <A7522FAF-5A9F-41CC-91BF-5DB13804A18D@lists.apple.com> Date: Mon, 26 Apr 2021 15:51:52 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2021-04-26-8 iCloud for Windows 12.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-04-26-8 iCloud for Windows 12.3 iCloud for Windows 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212321. CFNetwork Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreText Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions WebRTC Available for: Windows 10 and later via the Microsoft Store Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678 Additional recognition CoreCrypto We would like to acknowledge Andy Russon of Orange Group for their assistance. Installation note: This update may be obtained from: https://support.apple.com/en-us/HT201391 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO4MACgkQZcsbuWJ6 jjCmcA/9EsEvhmXjTOjoXcrN8M2S7sY/C2sYw9eDe7JbbupT6+tb+RAzwHtOZSKv nMhY2rE3XRq+v5dh3wknHrC1vRK1xt3p77wP18zNxcB+KFJ2yU7nZMuWJn54MSO/ 0LutRzl21aal+SFLSNvV7bhz9ey9UtDgUNIzTwUi3tqtAvb/PnLdHAXUbzZCamKK vdnfuWSRSparGrb6BXdFoo9bvuEzyBlksefI1XrOCdMoccWtxW5a2SqzIP2abZH2 MiQK/AkUNpOTw2gd9eFKOzNihCHrdL3KWTfDxkBnX5qLs3MpHRZSYQlZ4JQUwGh3 Fd08XHbmFGWffBjun+F8fz7NowssXdDf7JrGQ/PlnOfzdvJ7H2KX+08Cxi3OdyDP K41j6JS8YzoXK7GH2/o1nEiZKLGVEwFKwnR+ejB9bbvODTaPPZnGKqA8LJ1amnaI Z0RmmRL2FrPpc0mV7lTjc9Sds7BB5ZWxrWVGQosjNSKlJtbkzZsL11sOvJ08En4z JKpyqwR6wGGakIx999B3j02UtCXCkCNxBnQILo2G7a5w4ooUNXhvatAGyuKlbadw 1JX5R5ICBmOcczZurPQJ5HVcAKw52AUtiRn93C0NyJXdQSj9fGgDG2O9jBi5K1G4 I/HQ0uUwdc7bgWlxmEV4oDCFjbkffukaqdFWajnOr9G0srlwRMw= =3JfX -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists