NVT: Apple iCloud Security Updates (HT210212)

The NVT: Apple iCloud Security Updates (HT210212) reports that my Windows system has a vulnerable version of iCloud for Windows, which could certainly be true, despite it being the latest. The “solution” below is to upgrade to iCloud 10.4. There is no iCloud 10.4. The latest version for PC is 7.17.0.13. Just thought someone who creates/manages these NVTs should know.

"Summary
This host is installed with Apple iCloud and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 7.17.0.13
Fixed version: 10.4
Installation
path / port: C:\Program Files (x86)\Common Files\Apple\Internet Services
Impact
Successful exploitation allows remote attackers to gain elevated privileges, execute arbitrary code
and read restricted memory.
Solution
Solution type: VendorFix
Upgrade to Apple iCloud 10.4 or later. Please see the references for more information."

Hi there,

thanks for letting us know. We will try to take care of this issue and eventually get back to you, once a solution has been found.

Cheers

1 Like

Thanks for your report / posting.

It seems this is not absolutely valid / true. As you can see in the referenced Apple advisory of this VT:

there is iCloud 10.4 for Windows and even a version 10.9.2 according to:

But when checking Apple security releases - Apple Support we might have already found the explanation for this:

iCloud for Windows 10.9.2 Windows 10 and later via the Microsoft Store 29 Jan 2020

vs.

iCloud for Windows 7.17 Windows 7 and later 28 Jan 2020

It looks like Apple is maintaining two Windows versions, which wasn’t taken into account in that VT:

iCloud versions for Windows 7 start with 7.x, whereas iCloud versions for Windows 10 start with 10.x.

AFAICS the reported VT has already been updated two days ago based on your report and the updated version should already be published in the feed. This VT is now only reporting a vulnerability if a 10.x version was found and the version is less than 10.4.

Thanks again.

cc @antu

1 Like

I see the NVT has been updated to report “7.11 or later” as opposed to a version 10.x. The most recent version you’ll see reported by iCloud (whether you install from the Apple download site or Microsoft Store) will be 7.17 as I’ve just done that.

The mentioned VT hasn’t been touched in that way. I can see that it was only updated to use:

if(icVer =~ "^10." && version_is_less(version:icVer, test_version:"10.4"))

instead of:

if(version_is_less(version:icVer, test_version:"10.4"))

If both installations via the Apple download site or the Microsoft Store on Windows 10 report their version as 7.17 instead of the expected version 10.9.2 for Windows 10, then I’m not sure if there is that much that can be done here. Maybe always checking for the 7.x versions but mentioning in the VT description that 10.x are the Windows 10 versions which should be installed could be a possibility?

But let’s see what the opinion of @Antu is on this topic.

1 Like

So according to @Antu it is possible to install iCloud 7 and iCloud 10 on Windows 10, but for Windows 7/8 it is only possible to install iCloud 7.

So this also means that the updated HT210212, now only checking for iCloud 10 versions, is the correct way, and this change should already have been in the feed for a few days.
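The two conditions quoted in the thread, re-expressed in Python as an added example (not the VT's own NASL code and not posted by anyone in the thread), to show which verdicts change once the check is limited to the 10.x line. Here `version_is_less` is a simplified stand-in that assumes purely numeric dotted versions, and every sample version other than the reported 7.17.0.13 is constructed.

```python
import re


def parse_version(v):
    """Split a dotted version such as '7.17.0.13' into a tuple of ints."""
    return tuple(int(part) for part in v.split("."))


def version_is_less(version, test_version):
    """Simplified stand-in for the NASL helper named in the thread.

    Assumption: versions are purely numeric and dot-separated; missing
    components are treated as 0, so '10.4' equals '10.4.0.0'.
    """
    a, b = parse_version(version), parse_version(test_version)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def check_original(ic_ver):
    """Condition before the fix: any version below 10.4 is flagged."""
    return version_is_less(ic_ver, "10.4")


def check_updated(ic_ver):
    """Condition after the fix: only the 10.x product line is evaluated."""
    return bool(re.search(r"^10.", ic_ver)) and version_is_less(ic_ver, "10.4")


def changed_verdicts(samples):
    """Return the versions whose verdict differs between the two conditions."""
    return [v for v in samples if check_original(v) != check_updated(v)]


# 7.17.0.13 is the version from the report; the rest are constructed samples.
SAMPLES = ["7.17.0.13", "10.3.0.2", "10.4", "10.9.2"]

if __name__ == "__main__":
    for ver in SAMPLES:
        print(f"{ver:<10} original={check_original(ver)!s:<5} "
              f"updated={check_updated(ver)}")
    print("verdict changed for:", changed_verdicts(SAMPLES))
```

The 7.x line is outside the scope of the updated condition, so any finding for a 7.x install has to come from a check written against the 7.x fixed version.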