exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2020-05-26-9

Apple Security Advisory 2020-05-26-9
Posted May 29, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-05-26-9 - iCloud for Windows 11.2 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | windows, apple
advisories | CVE-2020-3878, CVE-2020-9789, CVE-2020-9790, CVE-2020-9794, CVE-2020-9800, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850
SHA-256 | 100cbea4dc7f344692f604cbe8dfab29c51a9e753f7d0e6e5204c16baf6f0880

Apple Security Advisory 2020-05-26-9

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-05-26-9 iCloud for Windows 11.2

iCloud for Windows 11.2 is now available and addresses the following:

ImageIO
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero

SQLite
Available for: Windows 10 and later via the Microsoft Store
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

Additional recognition

ImageIO
We would like to acknowledge Lei Sun for their assistance.

WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.

Installation note:

iCloud for Windows 11.2 may be obtained from:
https://support.apple.com/HT204283
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64

iQIcBAEDCAAGBQJezV70AAoJEAc+Lhnt8tDN2SAP/Ak5rb1JhLiHbsNKKIbKMzzD
sMX4sO9c3GN7cJn+SAqcqMmD0+TmG132y2cVXTUdsg/1sabiIKj3NRxqcXCad1TK
8AZXFo1QBa+h1x5uQJO8JYyFu5v8Dk313MLaeOI7f/aMPW4ScxotubqzkEzv6ovj
mKJzewqWcL7NJjRYKG+U4s36DgdO80iATRWWq0qfpRHLd70tQSVdnB3ncgzpRBiM
q0Hs/JIoBzg1hYqzU/LlBJ4hKwbWkotqe+8WW8PO2k1Qpxwn2MQ8hvUlIAKcszwC
LIw6wUYVenlaTjLZ05BD3MyI/Zg0UYKYdXvF5uzELQRrsYmdbrsOvlT2T6eIdOqF
z7F8J9mPHcFb+Q695N4SPBcNsSn7Xf2r+iFcRfEO7uZMMYaSDKmi1bPiko5vmx/V
OsEUToYAP8/h1ziWISc1JsRfN5R4q8ATiGpaDBMH0wAxs5S6TzyJLUAJP3rjrMm9
2isTit/bWZ9QE2bbnNC3bVXCKDvh4td536+4zvSRtN0dwWMlAeJ2odexaKSvuh46
/sm9ghzvVE7uWHRP1BEWzOVQxE2eZonSXCvElNzXxm/MyGxRGxb9HXLladknmzSM
PXfpwoJGGzbr5/juPZ6C0w9UsXTBzDTATyszfjYKDf+h2nEXPsEq3i1jmSWjCKuG
aov2VtgfuOGfTRWGUJrh
=v2Wk
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close