Dangerous gaps were discovered in WebKit, which use both software solutions. They allow remote attacks and arbitrary code execution. The Federal Office provides a high security risk and recommended immediate updates.
The Federal Office for Information Security (BSI) has issued warnings to two vulnerabilities in iCloud and iTunes favor Windows. Both software solutions it classifies the gaps with the risk level. 4 They allow remote attacks and execute arbitrary code.
The partially homonymous warnings pertain to two critical vulnerabilities. These were discovered in the browser engine WebKit that Apple uses in both software solutions. They allow a remote and unauthenticated attacker to spy information and perform beyond arbitrary code.
This affects the operating systems Windows 7, Windows 8.1 and Windows 10. Apple provides this as a security update iCloud for Windows 6.0.1 and iTunes 12.5.2 for Windows to.
For the first of the two errors Apple indicates that inputs are insufficient validated. Processing maliciously crafted web content may therefore lead to the disclosure of information. The second vulnerability allows a malicious website prepared to execute arbitrary code. It is based on several problems with memory corruption that are fixed in the security updates through improved memory management.
With the same gaps and Apple’s own operating systems had to fight, which were supplied with updates already some days ago. With iOS 10.1 the iPhone maker stuffed a total of 13 security holes, including those that occurred in Windows. At the same time eliminated MAC OS 10.12.1 and 10.1 TVOS these errors.