Lucene search

K
appleAppleAPPLE:HT210794
HistoryApr 05, 2020 - 5:12 a.m.

About the security content of iCloud for Windows 10.9 - Apple Support

2020-04-0505:12:53
support.apple.com
32
icloud
windows 10.9
security updates
hsts bypass
elevated privilege
xml disclosure
arbitrary code execution

EPSS

0.006

Percentile

79.6%

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iCloud for Windows 10.9

Released December 11, 2019

CFNetwork

Available for: Windows 10 and later via the Microsoft Store

Impact: An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list

Description: A configuration issue was addressed with additional restrictions.

CVE-2019-8834: Rob Sayre (@sayrer)

Entry added April 4, 2020

CFNetwork Proxies

Available for: Windows 10 and later via the Microsoft Store

Impact: An application may be able to gain elevated privileges

Description: This issue was addressed with improved checks.

CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team

libexpat

Available for: Windows 10 and later via the Microsoft Store

Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information

Description: This issue was addressed by updating to expat version 2.2.8.

CVE-2019-15903: Joonun Jang

WebKit

Available for: Windows 10 and later via the Microsoft Store

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8835: Anonymous working with Trend Micro’s Zero Day Initiative, Mike Zhang of Pangu Team

CVE-2019-8844: William Bowling (@wcbowling)

WebKit

Available for: Windows 10 and later via the Microsoft Store

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8846: Marcin Towalski of Cisco Talos