-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3 iCloud for Windows 10.9.3 is now available and addresses the following: libxml2 Available for: Windows 10 and later via the Microsoft Store Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com libxml2 Available for: Windows 10 and later via the Microsoft Store Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3901: Benjamin Randazzo (@____benjamin) WebKit Available for: Windows 10 and later via the Microsoft Store Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-3887: Ryan Pickren (ryanpickren.com) WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech WebKit Available for: Windows 10 and later via the Microsoft Store Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero WebKit Available for: Windows 10 and later via the Microsoft Store Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9783: Apple WebKit Available for: Windows 10 and later via the Microsoft Store Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit) WebKit Page Loading Available for: Windows 10 and later via the Microsoft Store Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com) Additional recognition WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance. Installation note: iCloud for Windows 10.9.3 may be obtained from: https://support.apple.com/HT204283 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDdAAoJEAc+Lhnt8tDNnuAQAKgtKGrR6+eS+K03MQC+TUpM OjENkoAGxYeFpOB5lXvZO7JOEnnEtxpj2+YUPQd0QoMXy1vmt8XpsPDnTHpeXPnR XYaxvMr5UlYbAmdF+iMgB8xH6U1iPdcXEOgH4+pD8PDSYZiN0xm9QHTLkw7jZI36 xs7EOVZsz8nGl+jkZiydZgQWoAbkoXuUR6UOFwhv6HiyQA0BrOYl6orwt2KqgPgA Jdd3Vo47jGBRRndEXJ+XwKN5w0BTgz9us4gCoz1zGFGsPfg4dqefyWUpdgvnpp1l wjVN/hcFSCQ4TdoaymVa8pxl7jYpaToNnTMsw9AlFBS5ONc7+3HQh0g3a/gULe1w e20lMSIkLf+3GknKVaDr92ZZg13yzaFKyLGDZiquGaCmRCN/m8Zi15UHKIQSzby5 ia3haem1pEXhuLh/AA7mqV6c/99QgdBU3Rjr4xNeBU5BarnCr0yvTGbn3+3uOUFR Dnvx9+awHjXfAvbgYNk9NkRma0x3O9lv3JNfZrImjQg7KOnat3JlNcrpy5DSFfRs 33fE1xQvdHOuD9vs2oSu71vVEOQLvpuYTs8MuZwhIxJIoa/uOQ6jRaqSuXacXun7 FgTW1yw5Q607/p/zkKMvosrBYi/aB2Zfpig+j56aEOqvVwS3kYy8J/AZ7avJVME5 sFRCFJgBDwoCfaP5iesq =5hwK -----END PGP SIGNATURE-----