—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

iCloud for Windows 6.2 is now available and addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user’s activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University Munich (TUM)

libxslt
Available for: Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-5029: Holger Fuhrmannek

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab
(tencent.com) working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in element handling. This
issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero

Installation note:

iCloud for Windows 6.2 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGjG0QAIcKPrg0HmHcv27Zl70Bt8qi
WRTANu+nbu0QjwaAwLZlOnS9d/XKfA2fkStlUnUzlJHXvF+KY+F6AN0vGQZ158ZU
gqdZZmhtEl1WZa8a1yr2t83RC/Q+NsU/Ai9W1zoLAw8LU7eRbt+sNvR3Bx7RhXYH
A68aKe7+AMuv7yuxKeaHtwox45yj4tEHtoURZkAZdsPcdV+k6UEdVf9lnaIaGqDb
E21+clnkc58uQ57UAtVcEzM9XFXdzfy7Y6nYpALXGCVNt79oSfByAZ2qvDu0auRx
rCc8s4O2K044bpaetkMJgAA2MmaeUO0ZVLeSW+8t+7w4Qyik6lsxIhJPjZ3qYXaa
Wb8WfJgj0Dl7s7Wvgozc8wA+eVaksaz2Y8SPM4I75h5+IT1ZHdswdSIMAFC3lsCs
RmSHA8P3SBOsfoWQ3Aa8dXsmaO6Cp+5A+lP8MEdQptBHKhR8z0MWqpkI2taJqof+
3DcDL7+ZQklk0EzlrGcNI+ygbHyx1TJqRLHD7aB40DwmFAy41kBHkR4nmnQ/kcoF
WZVwa6WsWDNg6z4823pUTZTSuKvK7vEQeXZnIj9m/SAJgrGQUGJ2cbybgep5iNWk
zmQwxAR7uuDwD6fEtXHhAULNKGtvfOOomvQypafsIh75lGKZ1SnCojEv7bqF9UXU
xCLGJWVtI1fBZbzME47M
=w8Kd
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)