| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <67AF63F9-0E7E-4474-A771-37063D5557E5@lists.apple.com> Date: Mon, 17 Sep 2018 11:23:14 -0700 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2018-9-17-2 watchOS 5 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-17-2 watchOS 5 watchOS 5 is now available and addresses the following: iTunes Store Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation. CVE-2018-4363: Ian Beer of Google Project Zero Safari Available for: Apple Watch Series 1 and later Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi - Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Security Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlud5zQACgkQeC9tht7T K3FV9hAAtX6gDqHABD9ceNOS2nKF4CYYKkObac9J6UYiRnygTAn0FY7fxvEKuOSz LS976VqorWl2+95u9H3BffjP3bJM8dvlbMlOWl4vpj1cYmswovv0sO1tKF2oqt9z hrMZ9hIkzpDdwBMbjS6Tx7VHO/A42DQkOs271El2uH+Ua1i6+1xOlbyJ8EDzCmSy ksgxxuzvHkaaWZJWPkkW7+/H+PliHsFVnyjhxjvs0Gl+aXn/cZFPqdAbRTw34ApS ATwMWt5VCmIPJhoijx6pGIVhlMlllyaw7neAGkUG5LCmj6irpmHi0TB3Br3bzs3s 8tEv5bDzwKigr1IidcA7MCndEqpuJb6LyId9sEgExSGAr722RBro4dPZb+2S6cZ3 PWm2chZKJXMknvgxb8FWCx7VS3UaKoxCxWPuP7cVs2N5xjQzFcM5BCfzuldu6XYd 6UoLucW95iC0/ZD3/OzEeqhNdy6iXntg80YSFWJzLNZ2bkkTwd6WG1Y6o2lTtdba audddBD2Ux+m+Mbb2gUeW7sBYTNqx9vPFZZR7qme+kRJ8+c/WvAhgORy6GqyWErn fQx6HZdypilQy+MZkTvTxNeGZi/qdblL20I1TGRPPvTPtMw6Q7hHqdsJWurew/jQ C6QUtN88Vq6zBEhpN12Y62G7OHchJTovYB5fGwnZ3Kb8QOfidyw= =YFA1 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists