lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <67AF63F9-0E7E-4474-A771-37063D5557E5@lists.apple.com>
Date: Mon, 17 Sep 2018 11:23:14 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2018-9-17-2 watchOS 5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-9-17-2 watchOS 5

watchOS 5 is now available and addresses the following:

iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This
issue was addressed with improved input validation.
CVE-2018-4363: Ian Beer of Google Project Zero

Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots. The issue was addressed with improved handling
of application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott,
Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi -
Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)

Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlud5zQACgkQeC9tht7T
K3FV9hAAtX6gDqHABD9ceNOS2nKF4CYYKkObac9J6UYiRnygTAn0FY7fxvEKuOSz
LS976VqorWl2+95u9H3BffjP3bJM8dvlbMlOWl4vpj1cYmswovv0sO1tKF2oqt9z
hrMZ9hIkzpDdwBMbjS6Tx7VHO/A42DQkOs271El2uH+Ua1i6+1xOlbyJ8EDzCmSy
ksgxxuzvHkaaWZJWPkkW7+/H+PliHsFVnyjhxjvs0Gl+aXn/cZFPqdAbRTw34ApS
ATwMWt5VCmIPJhoijx6pGIVhlMlllyaw7neAGkUG5LCmj6irpmHi0TB3Br3bzs3s
8tEv5bDzwKigr1IidcA7MCndEqpuJb6LyId9sEgExSGAr722RBro4dPZb+2S6cZ3
PWm2chZKJXMknvgxb8FWCx7VS3UaKoxCxWPuP7cVs2N5xjQzFcM5BCfzuldu6XYd
6UoLucW95iC0/ZD3/OzEeqhNdy6iXntg80YSFWJzLNZ2bkkTwd6WG1Y6o2lTtdba
audddBD2Ux+m+Mbb2gUeW7sBYTNqx9vPFZZR7qme+kRJ8+c/WvAhgORy6GqyWErn
fQx6HZdypilQy+MZkTvTxNeGZi/qdblL20I1TGRPPvTPtMw6Q7hHqdsJWurew/jQ
C6QUtN88Vq6zBEhpN12Y62G7OHchJTovYB5fGwnZ3Kb8QOfidyw=
=YFA1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ