[<prev] [next>] [day] [month] [year] [list]
Message-id: <41B9E16B-A967-40E1-9095-FC8236475965@lists.apple.com>
Date: Mon, 22 Jul 2019 12:41:03 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-7-22-4 watchOS 5.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-7-22-4 watchOS 5.3
watchOS 5.3 is now available and addresses the following:
Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Digital Touch
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8624: Natalie Silvanovich of Google Project Zero
FaceTime
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu
Foundation
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst
libxslt
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz
Messages
Available for: Apple Watch Series 1 and later
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of
University of Oregon
Messages
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may cause an unexpected application
termination
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8665: Michael Hernandez of XYZ Marketing
Quick Look
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Siri
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
UIFoundation
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Wallet
Available for: Apple Watch Series 1 and later
Impact: A user may inadvertently complete an in-app purchase while on
the lock screen
Description: The issue was addressed with improved UI handling.
CVE-2019-8682: Jeff Braswell (JeffBraswell.com)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8672: Samuel Groß of Google Project Zero
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech,
Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL,
and Eric Lung (@Khlung1) of VXRL
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero
Additional recognition
MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their
assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl01+gkACgkQeC9tht7T
K3GnUw//Qwhsn+qtm6dr4oSw6fnasli9MVb8sUkOOKUMmBZsxOwnnMzBDs4xXEq4
+GR9hOOmsYfa2VYefVvrRpd+JiP2zw1py+7x1T7x+YyiOWGIrtL9O6hnF2YjzakC
4aI4NKrhy9YLety5anCubR0Sx/SV5tl2yt/IFMcgcrxD/SFChEyzFM/GTbWWhxSI
0kC5C1HjIm9VEtNE7o4HqGs0+TrxZaZNOfwiIDaERNuFSYBvUATK8La5AimzXZr2
PUU2NV9pxwRZpKUuSg/wDI5JNrzPUiB0+7vkBodTeeFpNTniNrZbHTJkNlpxauEY
inZ7sh362SRbWn4cSsmflmA3Fe3NhaZ6Z5PHfLvDnywDziIHIcvuSI2J3ueb7mtW
qS6a4sH5MHsF507mdVNSI3SjPtCMp1u/2c3LcP9v0SM2JtoYg/DF6LBxKLvZvaE8
gMiSI+37eCRLfClMPhdtmIX5UABLphQ1/3P4KQq7ferqMEB4eFCm5ylbzLXah84P
UssiM32rUXK0DVucoX9rLzQUAGKOF6mZZnFk2CI4UFhzsWeE4oFEbtyJSbf3zM0h
K9wRJ5PzsCGOgPwLvvvKsSiK09swVNX8/PnMKBK2atXqBOxXdZ7qv9g0rodNnL/B
j2wBBi1BaG4EabCVs3/qGfOfmPVjXTmkZ0WtI0GfuSu9NYyOL3g=
=XnoM
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists