On 5th of December Apple released security updates to address vulnerabilities in iCloud for Windows and some of these vulnerabilities can be used by the attackers to take control of unpatched system. The below you can see the following vulnerabilities were fixed.
Happy patching!
Safari
Available for: Windows 7 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A logic issue was addressed with improved state management.
CVE-2018-4440: Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: Windows 7 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: A logic issue was addressed with improved validation.
CVE-2018-4439: xisigr of Tencent’s Xuanwu Lab (tencent.com)
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
WebK it
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4441: lokihardt of Google Project Zero
CVE-2018-4442: lokihardt of Google Project Zero
CVE-2018-4443: lokihardt of Google Project Zero
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2018-4438: lokihardt of Google Project Zero