Apple iCloud 10.x < 10.8 Multiple Vulnerabilities

critical Nessus Plugin ID 138093

Synopsis

The iCloud software installed on the remote Windows host is affected by multiple vulnerabilities.

Description

According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.8. It is, therefore, affected by multiple vulnerabilities:

- Multiple arbitrary code execution vulnerabilities exist within WebKit due to multiple memory corruption issues. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2019-8710, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8814, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)

- Multiple issues exist within Libxslt due to multiple memory corruption issues. (CVE-2019-8750)

- A cross-site scripting vulnerability exists within WebKit due to a logic issue. An unauthenticated, remote attacker can exploit this: processing maliciously crafted web content may lead to universal cross-site scripting. (CVE-2019-8813)

- An arbitrary code execution vulnerability exists within WebKit due to multiple memory corruption issues. An unauthenticated, remote attacker can exploit this: processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8815)

Solution

Upgrade to iCloud version 10.8 or later.

See Also

https://support.apple.com/en-us/HT210727

Plugin Details

Severity: Critical

ID: 138093

File Name: icloud_10_8.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 7/3/2020

Updated: 5/12/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2019-8816

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-8750

Vulnerability Information

CPE: cpe:/a:apple:icloud_for_windows

Required KB Items: installed_sw/iCloud

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/18/2019

Vulnerability Publication Date: 12/18/2019

Reference Information

CVE: CVE-2019-8710, CVE-2019-8750, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823