| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Jan 2024 17:18:23 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: Apple Product Security via Security-announce <security-announce@...ts.apple.com> Subject: [FD] APPLE-SA-01-22-2024-8 watchOS 10.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-01-22-2024-8 watchOS 10.3 watchOS 10.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214060. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Apple Neural Engine Available for devices with Apple Neural Engine: Apple Watch Series 9 and Apple Watch Ultra 2 Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2024-23212: Ye Zhang of Baidu Security CoreCrypto Available for: Apple Watch Series 4 and later Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key Description: A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. CVE-2024-23218: Clemens Lang Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of Legendsec at QI-ANXIN Group Mail Search Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: This issue was addressed with improved redaction of sensitive information. CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and Ian de Marcellus NSSpellChecker Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved handling of files. CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) Safari Available for: Apple Watch Series 4 and later Impact: A user's private browsing activity may be visible in Settings Description: A privacy issue was addressed with improved handling of user preferences. CVE-2024-23211: Mark Bowers Shortcuts Available for: Apple Watch Series 4 and later Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with additional permissions checks. CVE-2024-23204: Jubaer Alnazi (@h33tjubaer) Shortcuts Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass certain Privacy preferences Description: A privacy issue was addressed with improved handling of temporary files. CVE-2024-23217: Kirin (@Pwnrin) TCC Available for: Apple Watch Series 4 and later Impact: An app may be able to access user-sensitive data Description: An issue was addressed with improved handling of temporary files. CVE-2024-23215: Zhongquan Li (@Guluisacat) Time Zone Available for: Apple Watch Series 4 and later Impact: An app may be able to view a user's phone number in system logs Description: This issue was addressed with improved redaction of sensitive information. CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) WebKit Available for: Apple Watch Series 4 and later Impact: A maliciously crafted webpage may be able to fingerprint the user Description: An access issue was addressed with improved access restrictions. WebKit Bugzilla: 262699 CVE-2024-23206: an anonymous researcher WebKit Available for: Apple Watch Series 4 and later Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 266619 CVE-2024-23213: Wangtaiyu of Zhongfu info Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDqsACgkQX+5d1TXa IvqR0Q//a137PlcPioIws/A02XClBQtF95fwuaz7DEhi79XZvH1q1+N3EYd/1b8l YkGdXQik8uS4zpB4KBJ+8cRYqaNaMDO0lNr2RdGgUInMd2bc+HBHigxEY47Wzbr2 UT3r2uJW70HalBNrGNOj15JQTQ4MhbjjTq/ezrIdCFTo1RHk9vOc//AajbDtWiQp X5jGhoGzDB378vswEEyp4OjArh5v2xEv5hcoIvrzlgkSz9aRwzLgluR7sXGifE6O vU7zP2oT36zwBAfTsY1CkarTeQprQ4iyiEIlDzwxr+Z2ooGUmOStzsQtuU28QSQK sl0b42V7mkTFWVCXymsjCBbGw/JPSkGzptOPNqoEtBddiMuLU2BGBWk51xa5cEzy tsLWd1vlnUms3CqM6QvOxdj3mzs4wzxha941a0h67lR7NeR09CqflKsr7vDFWOBY PdVAUSDRxeM1rntVJfFJAkssUV14TGSTDwqMQmiUyxqXfKymSc4dCqIDLyqcdblB wNtwKFlstCZxcmc2V0zfDWHJ0y75sTUUhlk3AvH/OeVve9rhDvtKdoKDHdOauKHw kss00oy5TLkeTYi26oJfEMtts7BS+8ZEF3cLNxOBZ/cdIO1+Ifl8jNcluTLlC8F7 4MxcjC8prTl0aZ4sqJfcUBLnqkMdn0GaqXOPXSa6hQxiNc5dcIk= =hoM+ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists