| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Sep 2023 11:34:42 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2023-09-21-4 watchOS 10.0.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-09-21-4 watchOS 10.0.1 watchOS 10.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213928. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks. CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group Security Available for: Apple Watch Series 4 and later Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: A certificate validation issue was addressed. CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+QACgkQX+5d1TXa Ivrolg//eCfa6uj7rYz+BwmO2KTNLG+gAn+NZ9hnFb/txI8aoIwYc5rxDM8ektDP itxupK30fcz3cG3fdWazD8YQ16Q7nN9KgU1alLELMZCgBI9K9osMGHzwzCepF1bJ gaIt6e/DT6nEruNbtR9DOvZYFK0bBaM+Iar6GZ9NgSP8KwXZjRgCUBtaYuKEu2z4 K3xic4l0iKbV6T+Wb2hoinsRYjD5vf85q/6qcufRzUdBzpCyy6jEmMZs0CKnCef7 joEtz1tCVOydrydWXDNrmVXm5BLjBp4Fo3+i5O+zXXJvOaFdvHsbZ9IXmdMR2Zrz YY7XxCawuRopfTAsNmnl8dYGGA2u9hSNmxienTCReYfF2gY6QG9tUpnS6TYkv1+3 HT/W5or4HLlVQvG4M+6ZOLIL/RlCBlnJBP7L78FYQW/0650FU6Xq3UoeQIx5LBf2 xtz4Dk/Dd/hF0dpGgRtg/Qw1ZqMZbwSgM4Z9yNOT1BnDWKgPyyl4Cg8D50ua4jyH eGXUOQhM8hUoaIYjyNe2HM44tW3zZue/eXdu2xLL0LqwBWu4nEZBoyXHJLZHCtYq W3KFBpcK3xgXujoknsu+X4Lq/oKH9SdPVmExkIZ/3Ga+8W2pYS3vIhRglt/Cuiis xezTX8F3NjxIIztlBwlIgIGcdhb3pFRm7YqMwXykxOIpevPAyRM= =zsee -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists