—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
APPLE-SA-2017-09-25-2 iCloud for Windows 7
iCloud for Windows 7 is now available and addresses the following:
SQLite
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7081: Apple
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7087: Apple
CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend
Micro’s Zero Day Initiative
CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend
Micro’s Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360
Vulcan Team
CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend
Micro’s Zero Day Initiative
CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group
CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University working with Trend Micro’s Zero Day
Initiative
CVE-2017-7096: Wei Yuan of Baidu Security Lab
CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica
CVE-2017-7099: Apple
CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53
CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7104: likemeng of Baidu Secutity Lab
CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com)
working with Trend Micro’s Zero Day Initiative
CVE-2017-7117: lokihardt of Google Project Zero
CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security
Lab
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of the parent-tab.
This issue was addressed with improved state management.
CVE-2017-7089: Frans Rosén of Detectify, Anton Lopanitsyn of ONSEC
WebKit
Available for: Windows 7 and later
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed by no longer returning
cookies for custom URL schemes.
CVE-2017-7090: Apple
WebKit
Available for: Windows 7 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: Application Cache policy may be unexpectedly applied.
CVE-2017-7109: avlidienbrunn
Installation note:
iCloud for Windows 7 may be obtained from:
https://support.apple.com/HT204283
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org
iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGJFMP/0KnfKrqB1QcYuwcRJyUeM2N
lM4hxp2blsaHqGxxQx0KUb07N6ALWQV2JoTyDaBUkTHmVjz0Kf0XHeCJHhd1fsw6
PEIKh2umL4jE+I+gRxGC+h3jTF2WeEw3NljLI/2r+39UXI+CN6O8OCk3tE4Zpitn
4DV21lZqoGmCha+pPIBd3y4YnrhWNGbV6Pf315GF7dz7qmSFLKSuoVNRDcdLY4p3
LJr6U65nbjkAwgIwPDE35JEbxdU8bL09mJ3P9V9/pBX7cp7llS24hTLyaUjd2mj9
HFVDW41STPL4CThJ/IQgYt3pLsnNG3oRRYHNQZkHTx31eCiZ0Y80WpizEFHFm67Q
UjXOV55Ee+f+IRuaKNqSpx5jDly+G0D0W2QijaZcGttl1H4xI/sCNNcUC+IuME/g
/L3MgnhymSmZx4FtLIhHGqxBZGCdgDN5d7NswEoaoqvKLeIey3SngI+WJ8FTX5op
mcaMQiELP1FoIjC8525t3vKc38xWH+Juep2W42Tut3WI0E5oafrJls/A7nDRvleV
IWxYB+qV3L9r9BwAWiLX9IUOwR11qmPcBwiTvBFhAnH5YrqWuWsDDYqWFAl8gvut
SFGkWpzgPfhRbXWQQrWfxUH4LLAVxUp1i60XT98OqNkbpWVl6eeL6Wk+BlLKMO3k
T6H6avzc1J+JDpLWQ7Yc
=NU3/
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)