Original Issue Date: November 18, 2021
Severity Rating: HIGH
Systems Affected
Apple iCloud for Windows versions prior to 13
Overview
Multiple vulnerabilities have been reported in Apple iCloud for Windows which could be exploited by a remote attacker to execute arbitrary code or bypass security restrictions on the targeted system.
Description
These vulnerabilities exist due to type confusion, multiple memory corruption issues, improved checks, logic and other issues in Foundation, Image IO and Web Kit components of the affected software. A remote attacker could exploit these vulnerabilities by persuading a victim to visit maliciously crafted web content/image.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or bypass HTTP Strict[1]Transport-Security (HSTS) on the targeted system.
Solution
Upgrade to Apple iCloud for Windows 13 as mentioned in Apple security updates: