Multiple vulnerabilities in iCloud for Windows

Apple offers security updates for the Windows versions of its iCloud software: iCloud for Windows is now available in version 11.3 (for Windows 10 in the Microsoft Store) and version 7.20 (for Windows 7 and higher). The updates close 20 security gaps, which among other things can cause manipulated image files to execute malicious code. Cross-site scripting attacks and circumvention of protective functions are also conceivable.

Remote attackers can run code

Even remote attackers can execute arbitrary program code. Apple writes about the security updates in supporting documents. The gaps are in Apple’s Image I / O framework, which is used to open most image files, and in the WebKit. Safari’s browser engine is deeply integrated into the system in iOS and macOS. As part of iTunes for Windows and iCloud for Windows, Image I / O and WebKit are also available on Windows, but should only be a minor area of ​​attack there as they are not used in the context of a browser.

Apple typically updates its Windows software soon after security updates for its own operating systems are released, which sometimes provide details about the vulnerabilities. This time, however, it took significantly longer: The above-mentioned weaknesses in iOS, macOS, watchOS and tvOS were fixed in mid-July, and an update for the Windows version of iTunes (12.10.8) followed at the end of July.

iCloud integrated in Windows 10

iCloud for Windows is important software for iPhone users who want to use Apple’s services on their Windows PC as well: iCloud has been integrated directly into the Windows 10 file explorer for about a year and offers access to files and documents in Apple cloud storage. The iCloud app also supports syncing Apple services with Windows PCs, including contacts, calendars, reminders, emails and bookmarks, and photos and videos stored on Apple’s servers.

(lbe)