APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

iCloud for Windows 6.2.2 is now available and addresses the
following:

libxml2
Available for:  Windows 7 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7010: Apple
CVE-2017-7013: found by OSS-Fuzz

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7018: lokihardt of Google Project Zero
CVE-2017-7020: likemeng of Baidu Security Lab
CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab
(=E8=9A=82=E8=9A=81=E9=87=91=E6=9C=8D=E5=B7=B4=E6=96=AF=E5=85=89=E5=B9=B4=E5=
=AE=89=E5=85=A8=E5=AE=9E=E9=AA=8C=E5=AE=A4)
CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab
(=E8=9A=82=E8=9A=81=E9=87=91=E6=9C=8D=E5=B7=B4=E6=96=AF=E5=85=89=E5=B9=B4=E5=
=AE=89=E5=85=A8=E5=AE=9E=E9=AA=8C=E5=AE=A4)
CVE-2017-7037: lokihardt of Google Project Zero
CVE-2017-7039: Ivan Fratric of Google Project Zero
CVE-2017-7040: Ivan Fratric of Google Project Zero
CVE-2017-7041: Ivan Fratric of Google Project Zero
CVE-2017-7042: Ivan Fratric of Google Project Zero
CVE-2017-7043: Ivan Fratric of Google Project Zero
CVE-2017-7046: Ivan Fratric of Google Project Zero
CVE-2017-7048: Ivan Fratric of Google Project Zero
CVE-2017-7052: cc working with Trend Micros Zero Day Initiative
CVE-2017-7055: The UKs National Cyber Security Centre (NCSC)
CVE-2017-7056: lokihardt of Google Project Zero
CVE-2017-7061: lokihardt of Google Project Zero

WebKit
Available for:  Windows 7 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-7064: lokihardt of Google Project Zero

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-7049: Ivan Fratric of Google Project Zero

WebKit Page Loading
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department

WebKit Web Inspector
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7012: Apple

Installation note:

iCloud for Windows 6.2.2 may be obtained from:
https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apples Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VTAAoJEIOj74w0bLRG9dEP/396jAX5bECv18jTV99YM0Gy
Ji25sCWWy8OqUJoertlJ1uy8GPIphNqhbRA6F6QGgyMLAPjpEco/WkeMmozpwE9f
got8C5sI2eg7t52jk5pn5NJLYKCqUieMUtFbGIJ6lNCfpUl/vcc+Er5cTU+do3nY
d7DP5dZgqFUI8NKi3SZAyRvf7AHOCZrGchl7Wql66aC4org5O0H9jgrolzifnn2S
73e6DIGWDtAiRGCvks5hVTi5pTf+gfEG9Oc1n9HH7UoqKha8qZxkkbP5aDdM+8Er
FQDH2xOXNng8nDqDOCvInfOMYPdD6+Vn2zJkzTC/Pg2aaZWBEz79IEMH4eeLPW0c
2Sr7JDgmkFw787Dk8U6fqQzeBVvCBR2JF31ra1gG8Qb8rt7rBVdLvD6/VCjsflDx
A644GnZ8TsMF3g+qqUXgLDM684/1FW+ZVsm2AES6cdBiWm1H+sKxCOhOiPcoxwCm
cEBFWcZYDIPQ1eb+RPIWYa3QaarBwmTNXeEIxBMFDB7KOAXYuM1M+YdsjRVMMuR/
XYK35D9VAYrtD2FCPJR7KXk3cd8Ryp6cQwaoD7y+aEH++c4UzL1eaZ4SvVvsvYg2
A1wOnasN5XU3aZkqGFQNCHkDMQVCMWqhM8BQqC6jAGVf5r0LTs21BQb0eXlfvX81
jJuXbef9tR1yzYvHNWkK
=3DRJAg
-----END PGP SIGNATURE-----