[<prev] [next>] [day] [month] [year] [list]
Message-id: <A28DD124-8AAC-4CFC-9B24-05B67DA02508@lists.apple.com>
Date: Tue, 30 Oct 2018 11:58:27 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2018-10-30-4 watchOS 5.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-4 watchOS 5.1
watchOS 5.1 is now available and addresses the following:
AppleAVD
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4384: Natalie Silvanovich of Google Project Zero
CoreCrypto
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of
Royal Holloway, University of London, and Juraj Somorovsky of Ruhr
University, Bochum
ICU
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4394: an anonymous researcher
IPSec
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2018-4420: Mohamed Ghannam (@_simo36)
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security
Team
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4419: Mohamed Ghannam (@_simo36)
NetworkExtension
Available for: Apple Watch Series 1 and later
Impact: Connecting to a VPN server may leak DNS queries to a DNS
proxy
Description: A logic issue was addressed with improved state
management.
CVE-2018-4369: an anonymous researcher
Safari Reader
Available for: Apple Watch Series 1 and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2018-4374: Ryan Pickren (ryanpickren.com)
Safari Reader
Available for: Apple Watch Series 1 and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2018-4377: Ryan Pickren (ryanpickren.com)
Security
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted S/MIME signed message may
lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
Softsec Lab, Korea
CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with
Trend Micro's Zero Day Initiative
CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological
University working with Trend Micro's Zero Day Initiative
CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative
CVE-2018-4382: lokihardt of Google Project Zero
CVE-2018-4386: lokihardt of Google Project Zero
CVE-2018-4392: zhunki of 360 ESG Codesafe Team
CVE-2018-4416: lokihardt of Google Project Zero
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe
Team
WiFi
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile
Networking Lab at Technische Universität Darmstadt
Additional recognition
Certificate Signing
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Security
We would like to acknowledge Marinos Bernitsas of Parachute for their
assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EA8g/+
Ll91rTID6pn6oncXh+evrELJOBBZwZZh2mRNHh/yFK2bIt7v6MLas+ez9cDh8SXE
dvS5EeIBwNDr7drVbk14JOLADKsDcJUEfCUHCno1iJfAzIQC5N+eJyzgNZlOlzXG
8sNKn7gv2VxVW6CXKbSSX2VgyZ+UUIpU6Bmoj4ZsasycBLBNG6ZC+07ZAZfxBpL4
jcJz1Zq0ZueaxwV+21Are/51pMzC3tHuO77BTWCV8OTLROi72BuvfLtIcLG0HkRS
nKsB3Qt6NcwuzvPR0HedCWsH+2DR3fyHNkHou47KM0vlW5BmgvVXj6KOTMvVm3o0
3WegNySOTPKyUdVWNQWm/n3TqwuT7Ahpfb+tg0nCQ+7cS7DukFfHET++J21ihNpG
YHUqa/dCnvNj+F7aUHwsW9aL7ZXsJphyRBhG5896z56N5diSPQ2rAnszgvGVNyEW
PXEVCFcOOGuxvkN20LP+/EawOb/NTp2JlL5HexzBpYmH88GMjIN1pYQmG4izSG3M
P0uQTui3aBE39wR2BwUSkI0PVxmumqDGKPk+exyxExcOuPPQo2OwIxki8az2taMf
6iFjZWyIeS5ZwHy8XOca7Oe+4yM8WLnfPiX34JkdH5a0hsC1Y/e6E5IhGwpNcpnt
q3709XOMbW2YjH1WyGrjUGgrrOJbq3Y5XM7dvkuXsuY=
=m0yh
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists