Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2020-05-26-10 iCloud for Windows 7.19

Related Vulnerabilities: CVE-2020-9789   CVE-2020-9790   CVE-2020-3878   CVE-2020-9794   CVE-2020-9802   CVE-2020-9805   CVE-2020-9800   CVE-2020-9806   CVE-2020-9807   CVE-2020-9850   CVE-2020-9843   CVE-2020-9803  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="56"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#57">By Date</a>
<a href="58"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="56"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#57">By Thread</a>
<a href="58"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2020-05-26-10 iCloud for Windows 7.19</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Tue, 26 May 2020 17:24:38 -0700


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-05-26-10 iCloud for Windows 7.19

iCloud for Windows 7.19 is now available and addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero

SQLite
Available for: Windows 7 and later
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit
Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

Additional recognition

ImageIO
We would like to acknowledge Lei Sun for their assistance.

WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.

Installation note:

iCloud for Windows 7.19 may be obtained from:
<a rel="nofollow" href="https://support.apple.com/HT204283">https://support.apple.com/HT204283</a>
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64

iQIcBAEDCAAGBQJezV7DAAoJEAc+Lhnt8tDN/S0QAJzdsVhL1glk7MqNlBpQ3cRx
JSK12Bw3Oqx2W7544Cr0LwvKSk98QYp3eN3pkxH+yPFmM4iu88xMg/y9PI56Eh8z
shy+uqbBhdwSQ5GQABo9fRA3XDKAAjw8Hb1YPTl7rW/iERI9QV/AsDuxPY2hLIgs
VHx0kufO7xe15BeidIlSce27fFcaYFJ7WvnUzIM0/4JlwIfKVtmm5jSwgdmtNULf
j4E/NEkB4mNhv7glyVjL2icniP3M3WQzxbrzgAd46M7R0aTYbiQMH/AHwiKK+XYy
jD+dSD88M/sViz7LEGI0vzDngGNXWdtu+UB6eBrmoLIzHzll0cTuIovIYCLtVw9o
S2SVUZ3T+baIRAnLoYfD6FQatigJDs4de6PuIKN6pTccorE1/YyHSrQ8UxvksJh0
NpGMUVDljpI9f+kUNpps5ApXr9icvUVcUnXtqaDJvxOSvUTRvt28BESf80bOwwLg
sHmAyErBb1XyMsGBeZTMygxT+nQiRGa4p+f4rZdpLBpLCZRXoJaLXF2g5j5dZbmB
fl7u2I5gTvtqDN1ECLgpFOgUbLQwvgHf6rgWmnfg2HUrUWuND3YJssn9KGWIUIwa
UkP+IFAmb9SMu42Qw9GKdrO5w9o5sAnbdCKTJO9oQ91scptHCeCbCoh6d5MJ6T7B
kKzGsjtZfJ/K1FoGKJRS
=Io2k
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="56"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#57">By Date</a>
<a href="58"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="56"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#57">By Thread</a>
<a href="58"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2020-05-26-10 iCloud for Windows 7.19</strong> <em>Apple Product Security via Fulldisclosure (May 29)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started