NVT: Apple iCloud Security Updates (HT210212)

The NVT: Apple iCloud Security Updates (HT210212) reports that my windows system has a vulnerable version of iCloud for Windows, which could certainly be true, despite it being the latest. The “solution” below is to upgrade to iCloud 10.4. There is no iCloud 10.4. Latest version for PC is Just thought someone who creates/manages these NVTs should know.

This host is installed with Apple iCloud and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version:
Fixed version: 10.4
path / port: C:\Program Files (x86)\Common Files\Apple\Internet Services
Successful exploitation allows remote attackers to gain elevated privileges, execute arbitrary code
and read restricted memory.
Solution type: VendorFix
Upgrade to Apple iCloud 10.4 or later. Please see the references for more information.

Hi there,

thanks for letting us know. We will try to take care of this issue and eventually get back to you, once a solution has been found.


1 Like

Thanks for your report / posting.

It seems this is not absolutely valid / true. As you can see in the referenced Apple advisory of this VT:

there is iCloud 10.4 for Windows and even a version 10.9.2 according to:

But when checking Apple security releases - Apple Support we might already found the explanation for this:

iCloud for Windows 10.9.2 Windows 10 and later via the Microsoft Store 29 Jan 2020


iCloud for Windows 7.17 Windows 7 and later 28 Jan 2020

It looks like Apple is maintaining two Windows versions which wasn’t taken into account in that VT:

iCloud version for Windows 7 are starting with 7.x where iCloud versions for Windows 10 are starting with 10.x.

AFAICS the reported VT has already been updated two days ago based on your report and the updates version should be already published in the feed. This VT is now only reporting a vulnerability if a 10.x version was found and the version is less then 10.4.

Thanks again.

cc @antu

1 Like

I see the NVT has been updated to report “7.11 or later” as opposed to a version 10.x. The most recent version you’ll see reported by iCloud (whether you install from the Apple download site or Microsoft Store will be 7.17 as I’ve just done that.

The mentioned VT hasn’t been touched in that way. I can see that it was only updated to use:

if(icVer =~ “^10.” && version_is_less(version:icVer, test_version:“10.4”))

instead of:

if(version_is_less(version:icVer, test_version:“10.4”))

If both installation via the Apple download site or the Microsoft Store on Windows 10 will report their version as 7.17 instead of the expected version 10.9.2 for Windows 10 then i’m not sure if there is that much what can be done here. Maybe always checkin for the 7.x versions but mentioning in the VT description that 10.x are the Windows 10 versions which should be installed could be a possibility?

But let’s see what’s the opinion of @Antu is on this topic.

1 Like

So according to @Antu it is possible to install iCloud 7 and iCloud 10 on Windows 10 but for Windows 7/8 it is only possible to install iCloud 7.

So this also means the updated HT210212 now only checking for iCloud 10 versions is the correct way and this change should be already in the feed since a few days.