[<prev] [next>] [day] [month] [year] [list]
Message-id: <2A3903BD-3D7D-4B61-97B7-2C3B5D3EF226@lists.apple.com>
Date: Mon, 15 May 2017 10:50:58 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2017-05-15-4 watchOS 3.2.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-4 watchOS 3.2.1
watchOS 3.2.1 is now available and addresses the following:
AVEVideoEncoder
Available for: All Apple Watch models
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOSurface
Available for: All Apple Watch models
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
SQLite
Available for: All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
TextInput
Available for: All Apple Watch models
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGGZsP/izdSqAOOAEcPooYThydEm61
UdXdekjbQB6bDq+TgnhReTvnXF/KhXgOwlnCrYXkQVoAGLMr6fXb5Qf1bnZsrhuv
HAofCUFrmaTFTb29xe23tVAh6bAkh5ySZx9FftMfyWZYepX21uNxxMa7wF2ZNuHT
cyCnrh8+MGICmWzceXT8/UBL+Nvoc/Qft38i0ZpDh+8TEwZ+si7TAEiNQhQxafs2
4gP2GoPxlirDvjIBO1InU1OKbf90a3HqJFrsi4jytK1w+XyHsxJWNQf3nBG/mfrE
pxsh6AZsYKA/IsJ5dnAbxL/27eumi1JqJxyj3IS/y+DbB+N7lNwCUzRmZPSZR1t7
PxF76OQdkaQWWRH+m49WytpKKvJ528EvrWx+wAOMsZLRHEbjUAcjsXsebUaVuyuf
iEQvRDLZc3fCPFa+hbSQBZLk7ddPLjZTfL++G2vmtYnmHgx4uDKFHhTuSAVLkzZJ
iwJA8WrQL40UViIzAA6fn+eaxyOz6RspEkOEYylqj3FFOAhUIzZ5GkUy2NnPHId1
gbYfeou/VKIl/aiKpsp41syMlNcc57wDout/VrxkKFSXzX8Bj9BnzjJzzgDyd4E4
Btqn1clCcLrT4CJoY0ZBqK8QqG68plwgaONXISXBwGDPpFbEfQZlU8O1Q817siSy
ocP/dh7qXkhPMcAoH3fG
=anIP
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists