CVE-2019-6236: Race Condition

Q: What is CVE-2019-6236?

CVE-2019-6236 is a race condition vulnerability that existed during the installation of iCloud for Windows.

Q: How does CVE-2019-6236 impact Windows Installer?

CVE-2019-6236 could result in arbitrary code execution if the iCloud installer is run in an untrusted directory.

Q: How was CVE-2019-6236 addressed?

CVE-2019-6236 was fixed in iCloud for Windows 7.11 with improved state handling.

Q: What is the severity of CVE-2019-6236?

CVE-2019-6236 has a severity rating of 7.5 (high).

Q: How can I fix CVE-2019-6236?

To fix CVE-2019-6236, you should update to iCloud for Windows 7.11 which includes the necessary fix.

Published Mar 25, 2019

Updated

A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.

Other sources

Windows Installer. A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling.

Credit

Stefan Kanthak (eskamation.de)

Affected Software

2 affected componentsFixes available

apple iCloud for Windows<7.11

7.11

Apple Icloud Windows<7.11

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT209605

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-6236?

CVE-2019-6236 is a race condition vulnerability that existed during the installation of iCloud for Windows.

How does CVE-2019-6236 impact Windows Installer?