[<prev] [next>] [day] [month] [year] [list]
Message-id: <CE228047-A59E-45EF-8E15-3134E417A8B8@lists.apple.com>
Date: Tue, 26 Oct 2021 16:29:28 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2021-10-26-6 watchOS 8.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-6 watchOS 8.1
watchOS 8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212874.
Audio
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
ColorSync
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Apple Watch Series 3 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
IOMobileFrameBuffer
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
UIKit
Available for: Apple Watch Series 3 and later
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Apple Watch Series 3 and later
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Additional recognition
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4htAACgkQeC9qKD1p
rhgUWA//SbDuER3CFjs5xB0BeARUai/APOn+DFlOPPnz24GnCmy+5DvtascGravv
L3tN6fNRtFo60H4td23pgIng0IwRgEiKfZjoUfyX/DPb6VXJVsHPv7pXjlFhzSd3
2/6hxQ9GNPqTLj05iMcu/EIfmm7t7JdZFYuCugJ6WrqPob3bEQmr69UV2/DD4LG3
Uqp4xsBJnRnMGJhtyzf9JBv5JbMd/SVmOnOj6E7zHiUeW5ZW61uGj1XstGN9LtbW
/s3qn2n2cBSFZ+cFR+Jg6no71AR9afLeA6lB9mrrC2BwQmeJ4h2Q/Z5woDj0DNYe
VE+Ku/hIyYq8hp+nAeoKpmLPA/WQcIWY/R1A5giEnmJljl1w8d3ZpdWSZ6eQHWd2
x8Al7wpuQ9xnPkF+sPwHWaU5UySuq/HiPAs8500fLyPbe9ipobEI7UcACE2EEPXT
zEUFU75T3RcJ8X6YnRM8p/yj8PwUGal0o0sS7j7wJO8wCxHA3c2NaYCmsA33QMdh
YMF/FTqaBYnLMVVwROb4aXFrVju8upu6q7l3/CnOjLB5VD8qyfwKSlJvC+tkgdmG
kpJ248DHdsHhdlqVq7oC1Oh8GQCSChaFB+BgQ4k5XlSGqxSaJNFNMfx6rxGy6S88
AzZZJz5Dn1zl2GzMIILl1WA5JUZzt8eEcIzCZYVv1Atsw8maj4o=
=x3cn
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists