CVE-2019-6236: Race Condition
First published: Mon Mar 25 2019(Updated: )
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.
Credit: Stefan Kanthak (eskamation.de) product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iCloud for Windows | <7.11 | 7.11 |
| Apple Icloud Windows | <7.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2019-6236?
CVE-2019-6236 is a race condition vulnerability that existed during the installation of iCloud for Windows.
How does CVE-2019-6236 impact Windows Installer?
CVE-2019-6236 could result in arbitrary code execution if the iCloud installer is run in an untrusted directory.
How was CVE-2019-6236 addressed?
CVE-2019-6236 was fixed in iCloud for Windows 7.11 with improved state handling.
What is the severity of CVE-2019-6236?
CVE-2019-6236 has a severity rating of 7.5 (high).
How can I fix CVE-2019-6236?
To fix CVE-2019-6236, you should update to iCloud for Windows 7.11 which includes the necessary fix.
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple icloud for windows
- canonical/apple icloud windows