| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Oct 2017 11:31:07 -0700 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2017-10-31-4 watchOS 4.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-4 watchOS 4.1 watchOS 4.1 is now available and addresses the following: CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13849: Ro of SavSec Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher StreamingZip Available for: All Apple Watch models Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. Wi-Fi Available for: Apple Watch Series 1 and Apple Watch Series 2 Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8ApHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZo5xAA jTpaachkUVY+9IK5oKi1gR0QsjZJpbsVU6D18UxiborH6KGtKesBzP4Rp+a2rpwV 6pXfIZUftel/fnvKb6EL7r36jZdg+tCxvS+eNYb1BcbHgw7Z4jmbmHTw8NV3fQxQ GCdzvGhWm3C2saYPLrHBjBFZqpBPy55VNiZmJgvKEULUMdMSozWoKXeJ3r1bThgC m8GxhLiAPs+F9vTbWGOF/+hTPJrk8Lpej39JHPDg8TCXYWFEUDVvO0hIR/cAW9O0 9LgDzb9JimSUOjFKQ+ujjd//mrZUG59s3eX5ObJPLQCA91ERLWhEFX/KSnCRsFTc jIJExuCtYDHvL6a3nC72T/uNjlFvqafd9C+M+guIaKP+U5+5inDvqqJj+i4EOTQh KZSKE+m1PHf0IFn0JSlBIl6zwSKBXj5Tao3YBKjTgJfzBuNk3KUpzvufm8PDkRm3 j9GjURbXTomppOcAosH0j9Zx4DxMBjde/8/jYESKc/YnYyQ3naQgXvzpAEUf+/jO u0r6TXLOxOLDFtVZ3KHTpM6pX1tN+rjGtqflcPBWnXx7yz0j3Z1jNumGe1aeSKUJ oQ26Hr4VqsCplVZMXPoGYWt4ap96MZP/nN2PqeY8utGOHjHcFYix/DtzBWa5pZXR f/XPMkH1w9gHGkddcTeevQ7O5mk3c0zKItv0xACL32U= =QWYU -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists