iCloud Control Panel 歷史版本列表
需要 iCloud Control Panel 才能使用照片流,郵件,聯繫人和日曆和書籤。 iCloud Control Panel 可讓您輕鬆地在 iOS 設備,Mac 和 Windows PC 之間保持聯繫人,日曆和書籤的最新狀態。您還可以使用共享照片流與親朋好友分享精選照片,並附有通知和評論。在您使用的每台設備上獲取您喜愛的所有設備。當您在 Windows PC 上下載並設置 iCloud ... iCloud Control Panel 軟體介紹更新時間:2020-03-26
更新細節:
What's new in this version:
iCloud Control Panel 7.18
libxml2:
- Available for: Windows 7 and later
- Impact: Multiple issues in libxml2
- Description: A buffer overflow was addressed with improved size validation
- CVE-2020-3910: LGTM
libxml2:
- Available for: Windows 7 and later
- Impact: Multiple issues in libxml2
- Description: A buffer overflow was addressed with improved bounds checking
- CVE-2020-3909: LGTM
- CVE-2020-3911: found by OSS-Fuzz
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A type confusion issue was addressed with improved memory handling
- CVE-2020-3901: Benjamin Randazzo
WebKit:
- Available for: Windows 7 and later
- Impact: A download's origin may be incorrectly associated
- Description: A logic issue was addressed with improved restrictions
- CVE-2020-3887: Ryan Pickren
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling
- CVE-2020-3895: grigoritchy
- CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit:
- Available for: Windows 7 and later
- Impact: An application may be able to read restricted memory
- Description: A race condition was addressed with additional validation
- CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2020-9783: Apple
WebKit:
- Available for: Windows 7 and later
- Impact: A remote attacker may be able to cause arbitrary code execution
- Description: A type confusion issue was addressed with improved memory handling
- CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: A remote attacker may be able to cause arbitrary code execution
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2020-3899: found by OSS-Fuzz
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
- Description: An input validation issue was addressed with improved input validation
- CVE-2020-3902: Yigit Can YILMAZ
WebKit Page Loading:
- Available for: Windows 7 and later
- Impact: A file URL may be incorrectly processed
- Description: A logic issue was addressed with improved restrictions
- CVE-2020-3885: Ryan Pickren
iCloud Control Panel 7.16
CFNetwork Proxies:
- Available for: Windows 7 and later
- Impact: An application may be able to gain elevated privileges
- Description: This issue was addressed with improved checks
- CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team
libexpat:
- Available for: Windows 7 and later
- Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information
- Description: This issue was addressed by updating to expat version 2.2.8
- CVE-2019-15903: Joonun Jang
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team
- William Bowling (@wcbowling)
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2019-8846: Marcin Towalski of Cisco Talos
iCloud Control Panel 7.15
Graphics Driver:
- Available for: Windows 7 and later
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- Cheolung Lee of LINE+ Graylab Security Team
- Soyeon Park of SSLab at Georgia Tech
- Cheolung Lee of LINE+ Security Team
- Soyeon Park of SSLab at Georgia Tech
- Cheolung Lee of LINE+ Security Team
- Samuel Groß of Google Project Zero
- Sergei Glazunov of Google Project Zero
- Sergei Glazunov of Google Project Zero
- Sergei Glazunov of Google Project Zero
WebKit Process Model:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 7.14
UIFoundation:
- Available for: Windows 7 and later
- Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
- Description: A buffer overflow was addressed with improved bounds checking.
- riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management.
- CVE-2019-8625: Sergei Glazunov of Google Project Zero
- CVE-2019-8719: Sergei Glazunov of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
- CVE-2019-8726: Jihui Lu of Tencent KeenLab
- CVE-2019-8733: Sergei Glazunov of Google Project Zero
- CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
- CVE-2019-8763: Sergei Glazunov of Google Project Zero
iCloud Control Panel 7.13
libxslt:
- Available for: Windows 7 and later
- Impact: A remote attacker may be able to view sensitive information
- Description: A stack overflow was addressed with improved input validation
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
iCloud Control Panel 7.12
SQLite:
- Available for: Windows 7 and later
- Impact: An application may be able to gain elevated privileges
- Description: An input validation issue was addressed with improved memory handling.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A maliciously crafted SQL query may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to read restricted memory
- Description: An input validation issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to elevate privileges
- Description: A memory corruption issue was addressed by removing the vulnerable code.
- Omer Gull of Checkpoint Research
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: An out-of-bounds read was addressed with improved input validation.
- Junho Jang and Hanul Choi of LINE Security Team
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team
- 01 working with Trend Micro's Zero Day Initiative
- sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech
- G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative
- an anonymous researcher
- G. Geshev working with Trend Micro Zero Day Initiative
- Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
- G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech
- 01 working with Trend Micro Zero Day Initiative
- Fluoroacetate working with Trend Micro's Zero Day Initiative
- G. Geshev working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab, Georgia Tech
- Anonymous working with Trend Micro Zero Day Initiative
- Samuel Groß of Google Project Zero
- G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
- Samuel Groß of Google Project Zero
- Samuel Groß of Google Project Zero
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
iCloud Control Panel 7.11
- Change log not available for this version
iCloud Control Panel 7.10
- Change log not available for this version
iCloud Control Panel 7.9.0.9
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: A logic issue was addressed with improved state management.
- CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to user interface spoofing
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4439: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
- CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4441: lokihardt of Google Project Zero
- CVE-2018-4442: lokihardt of Google Project Zero
- CVE-2018-4443: lokihardt of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management
iCloud Control Panel 7.8.1.12
- Change log not available for this version
iCloud Control Panel 7.8.0.7
- Change log not available for this version
iCloud Control Panel 7.7.0.27
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz
WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz
iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks
WebKit:
- A memory corruption issue was addressed with improved memory handling
WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation
iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management
WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation
iCloud Control Panel 7.4.0.111
Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks
WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation
WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation
iCloud Control Panel 7.3.0.20
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz
iCloud Control Panel 7.2.0.67
- Change log not available for this verison
iCloud Control Panel 7.1.0.34
- Change log not available for this verison
iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied
iCloud Control Panel 6.2.3.17
- Change log not available for this verison
iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation
iCloud Control Panel 6.1.2.13
- Change log not available for this version
iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory
iCloud Control Panel 6.0.2.10
- Change log not available for this version
iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling
iCloud Control Panel 5.2.2.87
- Change log not available for this version
iCloud Control Panel 5.2.1.69
- Change log not available for this version
更新時間:2019-12-12
更新細節:
What's new in this version:
iCloud Control Panel 7.16
CFNetwork Proxies:
- Available for: Windows 7 and later
- Impact: An application may be able to gain elevated privileges
- Description: This issue was addressed with improved checks
- CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team
libexpat:
- Available for: Windows 7 and later
- Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information
- Description: This issue was addressed by updating to expat version 2.2.8
- CVE-2019-15903: Joonun Jang
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team
- William Bowling (@wcbowling)
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2019-8846: Marcin Towalski of Cisco Talos
iCloud Control Panel 7.15
Graphics Driver:
- Available for: Windows 7 and later
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- Cheolung Lee of LINE+ Graylab Security Team
- Soyeon Park of SSLab at Georgia Tech
- Cheolung Lee of LINE+ Security Team
- Soyeon Park of SSLab at Georgia Tech
- Cheolung Lee of LINE+ Security Team
- Samuel Groß of Google Project Zero
- Sergei Glazunov of Google Project Zero
- Sergei Glazunov of Google Project Zero
- Sergei Glazunov of Google Project Zero
WebKit Process Model:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 7.14
UIFoundation:
- Available for: Windows 7 and later
- Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
- Description: A buffer overflow was addressed with improved bounds checking.
- riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management.
- CVE-2019-8625: Sergei Glazunov of Google Project Zero
- CVE-2019-8719: Sergei Glazunov of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
- CVE-2019-8726: Jihui Lu of Tencent KeenLab
- CVE-2019-8733: Sergei Glazunov of Google Project Zero
- CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
- CVE-2019-8763: Sergei Glazunov of Google Project Zero
iCloud Control Panel 7.13
libxslt:
- Available for: Windows 7 and later
- Impact: A remote attacker may be able to view sensitive information
- Description: A stack overflow was addressed with improved input validation
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
iCloud Control Panel 7.12
SQLite:
- Available for: Windows 7 and later
- Impact: An application may be able to gain elevated privileges
- Description: An input validation issue was addressed with improved memory handling.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A maliciously crafted SQL query may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to read restricted memory
- Description: An input validation issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to elevate privileges
- Description: A memory corruption issue was addressed by removing the vulnerable code.
- Omer Gull of Checkpoint Research
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: An out-of-bounds read was addressed with improved input validation.
- Junho Jang and Hanul Choi of LINE Security Team
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team
- 01 working with Trend Micro's Zero Day Initiative
- sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech
- G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative
- an anonymous researcher
- G. Geshev working with Trend Micro Zero Day Initiative
- Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
- G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech
- 01 working with Trend Micro Zero Day Initiative
- Fluoroacetate working with Trend Micro's Zero Day Initiative
- G. Geshev working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab, Georgia Tech
- Anonymous working with Trend Micro Zero Day Initiative
- Samuel Groß of Google Project Zero
- G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
- Samuel Groß of Google Project Zero
- Samuel Groß of Google Project Zero
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
iCloud Control Panel 7.11
- Change log not available for this version
iCloud Control Panel 7.10
- Change log not available for this version
iCloud Control Panel 7.9.0.9
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: A logic issue was addressed with improved state management.
- CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to user interface spoofing
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4439: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
- CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4441: lokihardt of Google Project Zero
- CVE-2018-4442: lokihardt of Google Project Zero
- CVE-2018-4443: lokihardt of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management
iCloud Control Panel 7.8.1.12
- Change log not available for this version
iCloud Control Panel 7.8.0.7
- Change log not available for this version
iCloud Control Panel 7.7.0.27
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz
WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz
iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks
WebKit:
- A memory corruption issue was addressed with improved memory handling
WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation
iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management
WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation
iCloud Control Panel 7.4.0.111
Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks
WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation
WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation
iCloud Control Panel 7.3.0.20
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz
iCloud Control Panel 7.2.0.67
- Change log not available for this verison
iCloud Control Panel 7.1.0.34
- Change log not available for this verison
iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied
iCloud Control Panel 6.2.3.17
- Change log not available for this verison
iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation
iCloud Control Panel 6.1.2.13
- Change log not available for this version
iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory
iCloud Control Panel 6.0.2.10
- Change log not available for this version
iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling
iCloud Control Panel 5.2.2.87
- Change log not available for this version
iCloud Control Panel 5.2.1.69
- Change log not available for this version
更新時間:2019-12-12
更新細節:
更新時間:2019-12-07
更新細節:
What's new in this version:
- New and improved Connection experience with support for all connection options
- Improved user experience for saving and sharing Favorite Connections
- Added JSON mode for managing documents. With JSON mode, you can now insert multiple documents at once
- Added support for querying UUIDs via the Documents query bar or in the Aggregation Pipeline Builder
Added support for the following aggregation pipeline operators:
- set
- unset
- replaceWith
- Improved inline documentation for aggregation pipeline arguments
- Removed $limit ahead of the $count stage in the aggregation pipeline builder to ensure accurate counts on large collections. Prior versions of MongoDB Compass placed a $limit stage before $count stages in the Aggregation Pipeline Builder for large collections, even when sample mode was disabled
- Various bug fixes and improvements
更新時間:2019-12-06
更新細節:
更新時間:2019-12-03
更新細節:
更新時間:2019-10-30
更新細節:
What's new in this version:
iCloud Control Panel 7.15
Graphics Driver:
- Available for: Windows 7 and later
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- Cheolung Lee of LINE+ Graylab Security Team
- Soyeon Park of SSLab at Georgia Tech
- Cheolung Lee of LINE+ Security Team
- Soyeon Park of SSLab at Georgia Tech
- Cheolung Lee of LINE+ Security Team
- Samuel Groß of Google Project Zero
- Sergei Glazunov of Google Project Zero
- Sergei Glazunov of Google Project Zero
- Sergei Glazunov of Google Project Zero
WebKit Process Model:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 7.14
UIFoundation:
- Available for: Windows 7 and later
- Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
- Description: A buffer overflow was addressed with improved bounds checking.
- riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management.
- CVE-2019-8625: Sergei Glazunov of Google Project Zero
- CVE-2019-8719: Sergei Glazunov of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
- CVE-2019-8726: Jihui Lu of Tencent KeenLab
- CVE-2019-8733: Sergei Glazunov of Google Project Zero
- CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
- CVE-2019-8763: Sergei Glazunov of Google Project Zero
iCloud Control Panel 7.13
libxslt:
- Available for: Windows 7 and later
- Impact: A remote attacker may be able to view sensitive information
- Description: A stack overflow was addressed with improved input validation
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
iCloud Control Panel 7.12
SQLite:
- Available for: Windows 7 and later
- Impact: An application may be able to gain elevated privileges
- Description: An input validation issue was addressed with improved memory handling.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A maliciously crafted SQL query may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to read restricted memory
- Description: An input validation issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to elevate privileges
- Description: A memory corruption issue was addressed by removing the vulnerable code.
- Omer Gull of Checkpoint Research
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: An out-of-bounds read was addressed with improved input validation.
- Junho Jang and Hanul Choi of LINE Security Team
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team
- 01 working with Trend Micro's Zero Day Initiative
- sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech
- G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative
- an anonymous researcher
- G. Geshev working with Trend Micro Zero Day Initiative
- Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
- G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech
- 01 working with Trend Micro Zero Day Initiative
- Fluoroacetate working with Trend Micro's Zero Day Initiative
- G. Geshev working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab, Georgia Tech
- Anonymous working with Trend Micro Zero Day Initiative
- Samuel Groß of Google Project Zero
- G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
- Samuel Groß of Google Project Zero
- Samuel Groß of Google Project Zero
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
iCloud Control Panel 7.11
- Change log not available for this version
iCloud Control Panel 7.10
- Change log not available for this version
iCloud Control Panel 7.9.0.9
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: A logic issue was addressed with improved state management.
- CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to user interface spoofing
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4439: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
- CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4441: lokihardt of Google Project Zero
- CVE-2018-4442: lokihardt of Google Project Zero
- CVE-2018-4443: lokihardt of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management
iCloud Control Panel 7.8.1.12
- Change log not available for this version
iCloud Control Panel 7.8.0.7
- Change log not available for this version
iCloud Control Panel 7.7.0.27
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz
WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz
iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks
WebKit:
- A memory corruption issue was addressed with improved memory handling
WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation
iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management
WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation
iCloud Control Panel 7.4.0.111
Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks
WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation
WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation
iCloud Control Panel 7.3.0.20
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz
iCloud Control Panel 7.2.0.67
- Change log not available for this verison
iCloud Control Panel 7.1.0.34
- Change log not available for this verison
iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied
iCloud Control Panel 6.2.3.17
- Change log not available for this verison
iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation
iCloud Control Panel 6.1.2.13
- Change log not available for this version
iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory
iCloud Control Panel 6.0.2.10
- Change log not available for this version
iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling
iCloud Control Panel 5.2.2.87
- Change log not available for this version
iCloud Control Panel 5.2.1.69
- Change log not available for this version
更新時間:2019-10-08
更新細節:
What's new in this version:
iCloud Control Panel 7.14
UIFoundation:
- Available for: Windows 7 and later
- Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
- Description: A buffer overflow was addressed with improved bounds checking.
- CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management.
- CVE-2019-8625: Sergei Glazunov of Google Project Zero
- CVE-2019-8719: Sergei Glazunov of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
- CVE-2019-8726: Jihui Lu of Tencent KeenLab
- CVE-2019-8733: Sergei Glazunov of Google Project Zero
- CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
- CVE-2019-8763: Sergei Glazunov of Google Project Zero
iCloud Control Panel 7.13
libxslt:
- Available for: Windows 7 and later
- Impact: A remote attacker may be able to view sensitive information
- Description: A stack overflow was addressed with improved input validation
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
iCloud Control Panel 7.12
SQLite:
- Available for: Windows 7 and later
- Impact: An application may be able to gain elevated privileges
- Description: An input validation issue was addressed with improved memory handling.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A maliciously crafted SQL query may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to read restricted memory
- Description: An input validation issue was addressed with improved input validation.
- Omer Gull of Checkpoint Research
SQLite:
- Available for: Windows 7 and later
- Impact: A malicious application may be able to elevate privileges
- Description: A memory corruption issue was addressed by removing the vulnerable code.
- Omer Gull of Checkpoint Research
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: An out-of-bounds read was addressed with improved input validation.
- Junho Jang and Hanul Choi of LINE Security Team
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team
- 01 working with Trend Micro's Zero Day Initiative
- sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech
- G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative
- an anonymous researcher
- G. Geshev working with Trend Micro Zero Day Initiative
- Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
- G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech
- 01 working with Trend Micro Zero Day Initiative
- Fluoroacetate working with Trend Micro's Zero Day Initiative
- G. Geshev working with Trend Micro Zero Day Initiative
- Wen Xu of SSLab, Georgia Tech
- Anonymous working with Trend Micro Zero Day Initiative
- Samuel Groß of Google Project Zero
- G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
- Samuel Groß of Google Project Zero
- Samuel Groß of Google Project Zero
- Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
iCloud Control Panel 7.11
- Change log not available for this version
iCloud Control Panel 7.10
- Change log not available for this version
iCloud Control Panel 7.9.0.9
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: A logic issue was addressed with improved state management.
- CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to user interface spoofing
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4439: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
- CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4441: lokihardt of Google Project Zero
- CVE-2018-4442: lokihardt of Google Project Zero
- CVE-2018-4443: lokihardt of Google Project Zero
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management
iCloud Control Panel 7.8.1.12
- Change log not available for this version
iCloud Control Panel 7.8.0.7
- Change log not available for this version
iCloud Control Panel 7.7.0.27
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz
WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google
WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher
WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz
iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks
WebKit:
- A memory corruption issue was addressed with improved memory handling
WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation
iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management
WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation
iCloud Control Panel 7.4.0.111
Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks
WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation
WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation
iCloud Control Panel 7.3.0.20
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz
iCloud Control Panel 7.2.0.67
- Change log not available for this verison
iCloud Control Panel 7.1.0.34
- Change log not available for this verison
iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied
iCloud Control Panel 6.2.3.17
- Change log not available for this verison
iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling
iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation
iCloud Control Panel 6.1.2.13
- Change log not available for this version
iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory
iCloud Control Panel 6.0.2.10
- Change log not available for this version
iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling
iCloud Control Panel 5.2.2.87
- Change log not available for this version
iCloud Control Panel 5.2.1.69
- Change log not available for this version
更新時間:2019-09-02
更新細節:
更新時間:2019-08-20
更新細節: