| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <0F45D67B-5224-42DF-9B0A-A410FE88E177@lists.apple.com> Date: Mon, 14 Dec 2020 17:17:29 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2020-12-14-5 watchOS 7.2 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-5 watchOS 7.2 watchOS 7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212009. CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-27946: Mateusz Jurczyk of Google Project Zero FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27943: Mateusz Jurczyk of Google Project Zero CVE-2020-27944: Mateusz Jurczyk of Google Project Zero ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29611: Ivan Fratric of Google Project Zero Security Available for: Apple Watch Series 3 and later Impact: Unauthorized code execution may lead to an authentication policy violation Description: This issue was addressed with improved checks. CVE-2020-27951: Apple WebRTC Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-15969: an anonymous researcher Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBloACgkQZcsbuWJ6 jjA/Vw/8CRpjZD1xQliZmwUBz0S/PjqiSR5BzxeNAeeRFnegcPPsHChw9N3lwmAt GdWTKhNkSCnPAGvL4M66ISwNo5S37nXYTvNBa91H7vcLKFZ+9fLeZu9vF7Z+WyiC SbQNbnX3md2a1P+RC0QdefQ1IWVcDcV6sNs0ghbhCiRmrFra6Mq8ah0TpzOCvDKc ywC+By4z2mDy6IR70AzDIgS0P08Y0UjvzRb7nX4FysnUXFTpORBEdWhrio4CtXch A+g0jXD1KQFMTvR/vdiWqLBTIZhalPF+DZaGakNmP4qxwZOQnNpAKc3IbtaURyC7 CD3HDdlZYjMtr9Fs+3u/pcMOxFrhborrBfjD+pfgA2c+50eTaEvtnej7Fe2Ds3BL nU/Pdl/0i8u9EsO6JiHl8Ti5zor6bFmywTTpkQ+9eQFAx5sthozEeNS3EWsQYk/r cQJW2WZOSCkevY15gh+NnGBpF79TIIkOJ6GyQC+nnqWsrN0RcX0UVtcrtTS96vNj 1ItE8rhZTDCecj1ln0HawyKZ66oYK3A4jt7YOpd2VckS6Ex9KaFaBnruY0v+n8ny T4PGZvRjsyhdobBLvwqIOynknOrRtZYTKihA4vZGVuoaiL6/7It83J3cJfPFnULg qCBgv6XebLAaK1e+q7QoFU5r5p9aCT1/MtO9GYyCv9CLaMt1rwI= =50W4 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists