Apple iCloud for Windows 6.1 업데이트

iCloud for Windows 6.1

Released December 13, 2016

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4692: Apple

CVE-2016-7635: Apple

CVE-2016-7652: Apple

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7656: Keen Lab working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-4743: Alan Cutter

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of user information

Description: A validation issue was addressed through improved state management.

CVE-2016-7586: Boris Zbarsky

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7587: Adam Klein

CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative

CVE-2016-7611: an anonymous researcher working with Trend Micro's Zero Day Initiative

CVE-2016-7639: Tongbo Luo of Palo Alto Networks

CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7642: Tongbo Luo of Palo Alto Networks

CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

CVE-2016-7654: Keen Lab working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7589: Apple

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may compromise user information

Description: An issue existed in handling of JavaScript prompts. This was addressed through improved state management.

CVE-2016-7592: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An uninitialized memory access issue was addressed through improved memory initialization.

CVE-2016-7598: Samuel Groß

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may result in the disclosure of user information

Description: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.

CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7632: Jeonghoon Shin

Windows Security

Available for: Windows 7 and later

Impact: A local user may be able to leak sensitive user information

Description: The iCloud desktop client failed to clear sensitive information in memory. This issue was addressed through improved memory handling.

CVE-2016-7614: Yakir Wizman