[<prev] [next>] [day] [month] [year] [list]
Message-id: <0B52E239-99C8-4CB9-BD04-144D5DE42BFA@lists.apple.com>
Date: Wed, 19 Jul 2017 12:33:11 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2017-07-19-3 watchOS 3.2.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-07-19-3 watchOS 3.2.2
watchOS 3.2.2 is now available and addresses the following:
Contacts
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)
IOUSBFamily
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7022: an anonymous researcher
CVE-2017-7024: an anonymous researcher
CVE-2017-7026: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7023: an anonymous researcher
CVE-2017-7025: an anonymous researcher
CVE-2017-7027: an anonymous researcher
CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7028: an anonymous researcher
CVE-2017-7029: an anonymous researcher
libarchive
Available for: All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-7068: found by OSS-Fuzz
libxml2
Available for: All Apple Watch models
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7013: found by OSS-Fuzz
libxpc
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7047: Ian Beer of Google Project Zero
Messages
Available for: All Apple Watch models
Impact: A remote attacker may cause an unexpected application
termination
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7063: Shashank (@cyberboyIndia)
Wi-Fi
Available for: All Apple Watch models
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGds4P/jn6yqMh+cw1dYmhfloU/XGi
J4Q6JbGTWLBvacsucsneTvDW6EtuZUWTENaRsndj3HFK+awwEcdfx/MkEO7LaDfQ
0cVBkij5+V0hEn3e6eNItTdKZ85h5C4zjEE76BPw6hqcCuf9t3ZqDtyubKKXb3V+
6D6l64G/m5krs/bB65Evj/XSd3d1vNLQ03zYCKjfgqpI5P/pFv2PEdzOnH8oWYz8
mVcqQW6sRgiFsIq4W88qP1WaQmDLVlYdoPqfd+a98JoGDUebi6PcgxxJl9fXFIo6
jv0zBoXr2begOJFSo3duxOPxlnLienv+qNScdENTDgZORcJ8loALtnCN5ICWIGcE
K1eqNW63nNK0Gq1EhMXMT3MktgbP8BJEc8pEs82U73XD9DVgYKcCGGNzfj7qFQAm
GE18IEd20h+0N/Irk+TN+9pYf+Vf+7RNA4naRfLBOsiTRZjmDJ3ds9LWawle5Rlx
hR9mznsR3zqhh6vBDvIt9vSEJXV5X61hkTe7Q4jHkHj04XLUidMWkI47BqLGYTK6
jtEHF/4Mk5A+KG+jjpxZs6LtweTQqudQSqnDXtJlE1LRJ4b1jHNNUUm05tx2lGxi
zrDgNGFQtzZ0Gds9wXQjpE5eFNa7X2VUArqHiJUHnoxLMvLtBVMa7vuTvyrPGdnb
QvBYRDybEp8yUkxd8seM
=Ci3F
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists