iCloud Control Panel 歷史版本列表 Page4

更新時間：2018-12-06
更新細節：

What's new in this version:

iCloud Control Panel 7.9.0.9

Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: A logic issue was addressed with improved state management.
- CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)

Safari:
- Available for: Windows 7 and later
- Impact: Visiting a malicious website may lead to user interface spoofing
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4439: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
- CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4441: lokihardt of Google Project Zero
- CVE-2018-4442: lokihardt of Google Project Zero
- CVE-2018-4443: lokihardt of Google Project Zero

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management


iCloud Control Panel 7.8.1.12
- Change log not available for this version


iCloud Control Panel 7.8.0.7
- Change log not available for this version


iCloud Control Panel 7.7.0.27

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz

WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero

WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz


iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks

WebKit:
- A memory corruption issue was addressed with improved memory handling

WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation


iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management

WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation


iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-11-28
更新細節：

What's new in this version:

iCloud Control Panel 7.8.1.12
- Change log not available for this version


iCloud Control Panel 7.8.0.7
- Change log not available for this version


iCloud Control Panel 7.7.0.27

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz

WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero

WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz


iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks

WebKit:
- A memory corruption issue was addressed with improved memory handling

WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation


iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management

WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation


iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-10-31
更新細節：

What's new in this version:

iCloud Control Panel 7.8.0.7
- Change log not available for this version


iCloud Control Panel 7.7.0.27

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz

WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero

WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz


iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks

WebKit:
- A memory corruption issue was addressed with improved memory handling

WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation


iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management

WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation


iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-10-09
更新細節：

What's new in this version:

iCloud Control Panel 7.7.0.27

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory corruption issue was addressed with improved validation
- CVE-2018-4191: found by OSS-Fuzz

WebKit:
- Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
- Description: The issue was addressed by removing origin information
- CVE-2018-4311: Erling Alf Ellingsen (@steike)

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
- CVE-2018-4323: Ivan Fratric of Google Project Zero
- CVE-2018-4328: Ivan Fratric of Google Project Zero
- CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
- CVE-2018-4359: Samuel Groß (@5aelo)

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may cause unexepected cross-origin behavior
- Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins
- CVE-2018-4319: John Pettitt of Google

WebKit:
- Available for: Windows 7 and later
- Impact: A malicious website may be able to execute scripts in the context of another website
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management
- CVE-2018-4197: Ivan Fratric of Google Project Zero
- CVE-2018-4306: Ivan Fratric of Google Project Zero
- CVE-2018-4312: Ivan Fratric of Google Project Zero
- CVE-2018-4314: Ivan Fratric of Google Project Zero
- CVE-2018-4315: Ivan Fratric of Google Project Zero
- CVE-2018-4317: Ivan Fratric of Google Project Zero
- CVE-2018-4318: Ivan Fratric of Google Project Zero

WebKit:
- Impact: A malicious website may exfiltrate image data cross-origin
- Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation
- CVE-2018-4345: an anonymous researcher

WebKit:
- Impact: Unexpected interaction causes an ASSERT failure
- Description: A memory consumption issue was addressed with improved memory handling
- CVE-2018-4361: found by Google OSS-Fuzz


iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks

WebKit:
- A memory corruption issue was addressed with improved memory handling

WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation


iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management

WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation


iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-07-10
更新細節：

What's new in this version:

iCloud Control Panel 7.6.0.15
CFNetwork:
- A cookie management issue was addressed with improved checks

WebKit:
- A memory corruption issue was addressed with improved memory handling

WebKit:
- A type confusion issue was addressed with improved memory handling
- Sound fetched through audio elements may be exfiltrated cross-originThis issue was addressed with improved audio taint tracking
- A race condition was addressed with additional validation
- Multiple memory corruption issues were addressed with improved memory handling
- Multiple memory corruption issues were addressed with improved input validation


iCloud Control Panel 7.5.0.34
Security:
- An authorization issue was addressed with improved state management

WebKit:
- A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- A race condition was addressed with improved locking
- A memory corruption issue was addressed with improved input validation
- A memory corruption issue was addressed with improved memory handling
- A type confusion issue was addressed with improved memory handling
- A memory corruption issue was addressed with improved state management
- Multiple memory corruption issues were addressed with improved memory handling
- An inconsistent user interface issue was addressed with improved state management
- Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- A buffer overflow issue was addressed with improved memory handling
- An out-of-bounds read was addressed with improved input validation


iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-06-05
更新細節：

What's new in this version:

iCloud Control Panel 7.5.0.34

Security:
- Impact: A local user may be able to read a persistent device identifier
- Description: An authorization issue was addressed with improved state managemen.
- Impact: A local user may be able to modify the state of the Keychain
- Description: An authorization issue was addressed with improved state management
- Impact: A local user may be able to view sensitive user information
- Description: An authorization issue was addressed with improved state management

WebKit:
- Impact: Visiting a maliciously crafted website may lead to cookies being overwritten
- Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A race condition was addressed with improved locking.
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
- Description: A memory corruption issue was addressed with improved input validation
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A type confusion issue was addressed with improved memory handling
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: An inconsistent user interface issue was addressed with improved state management
- Impact: Visiting a maliciously crafted website may leak sensitive data
- Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A buffer overflow issue was addressed with improved memory handling
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation


iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-04-01
更新細節：

What's new in this version:

iCloud Control Panel 7.4.0.111

Security:
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling

WebKit:
- Impact: Unexpected interaction with indexing types causing an ASSERT failure
- Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

WebKit:
- Impact: Processing maliciously crafted web content may lead to a denial of service
- Description: A memory corruption issue was addressed through improved input validation

WebKit:
- Impact: A malicious website may exfiltrate data cross-origin
- Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation


iCloud Control Panel 7.3.0.20

WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz


iCloud Control Panel 7.2.0.67
- Change log not available for this verison


iCloud Control Panel 7.1.0.34
- Change log not available for this verison


iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied


iCloud Control Panel 6.2.3.17
- Change log not available for this verison


iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling


iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation


iCloud Control Panel 6.1.2.13
- Change log  not available for this version


iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory


iCloud Control Panel 6.0.2.10
- Change log  not available for this version


iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling


iCloud Control Panel 5.2.2.87
- Change log  not available for this version


iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2018-04-01
更新細節：

What's new in this version:

Vysor 1.9.0
- Connect automatically defaults to prompt
- Restore missing screen autodim option


Vysor 1.8.9
- Fix bug report generation


Vysor 1.8.8
- Ad crash fix
- Fix double video decoder initialization bug
- Improve startup time


Vysor 1.8.7
- Add high quality defaults


Vysor 1.8.6
- More bitrate options


Vysor 1.8.5
- Improve latency by dropping dropping frames when canvas can't paint fast enough

更新時間：2018-01-24
更新細節：

What's new in this version:

iCloud Control Panel 7.3.0.20
WebKit:
- Available for: Windows 7 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling
- CVE-2018-4088: Jeonghoon Shin of Theori
- CVE-2018-4096: found by OSS-Fuzz

iCloud Control Panel 7.2.0.67
- Change log not available for this verison

iCloud Control Panel 7.1.0.34
- Change log not available for this verison

iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied

iCloud Control Panel 6.2.3.17
- Change log not available for this verison

iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling

iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation

iCloud Control Panel 6.1.2.13
- Change log  not available for this version

iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory

iCloud Control Panel 6.0.2.10
- Change log  not available for this version

iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling

iCloud Control Panel 5.2.2.87
- Change log  not available for this version

iCloud Control Panel 5.2.1.69
- Change log  not available for this version

更新時間：2017-12-14
更新細節：

What's new in this version:

iCloud Control Panel 7.2.0.67
- Change log not available for this verison

iCloud Control Panel 7.1.0.34
- Change log not available for this verison

iCloud Control Panel 7.0.1.210
- SQLite available for: Windows 7 and later
- A memory corruption issue was addressed through improved input validation.
- Multiple memory corruption issues were addressed with improved memory handling.
- A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.
- A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
- An inconsistent user interface issue was addressed with improved state management.
- Application Cache policy may be unexpectedly applied

iCloud Control Panel 6.2.3.17
- Change log not available for this verison

iCloud Control Panel 6.2.2.39
- Multiple memory corruption issues were addressed with improved memory handling

iCloud Control Panel 6.2.1.67
- A client certificate was sent in plaintext. This issue was addressed through improved certificate handling
- Multiple memory corruption issues were addressed through improved memory handling
- Multiple memory corruption issues were addressed through improved memory handling
- A validation issue existed in element handling. This issue was addressed through improved validation

iCloud Control Panel 6.1.2.13
- Change log  not available for this version

iCloud Control Panel 6.1.0.30
- Multiple memory corruption issues were addressed through improved memory handling
- A memory corruption issue was addressed through improved state management
- The iCloud desktop client failed to clear sensitive information in memory

iCloud Control Panel 6.0.2.10
- Change log  not available for this version

iCloud Control Panel 6.0.1.41
- A memory corruption issue was addressed through improved memory handling

iCloud Control Panel 5.2.2.87
- Change log  not available for this version

iCloud Control Panel 5.2.1.69
- Change log  not available for this version