Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.2653 APPLE-SA-2015-10-21-2 watchOS 2.0.1 22 October 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS Publisher: Apple Operating System: Mobile Device Impact/Access: Root Compromise -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Console/Physical Access Privileged Data -- Console/Physical Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-7015 CVE-2015-7006 CVE-2015-6996 CVE-2015-6989 CVE-2015-6974 CVE-2015-5942 CVE-2015-5939 CVE-2015-5937 CVE-2015-5936 CVE-2015-5935 CVE-2015-5927 CVE-2015-5926 CVE-2015-5925 CVE-2015-5916 Original Bulletin: https://support.apple.com/en-au/HT205378 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. CVE-ID CVE-2015-5916 Bom Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security configd Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A local user with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in CoreGraphics. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a document with a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 Grand Central Dispatch Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVigjWX6ZAP0PgtI9AQKVFg/+Kg+vzeWoX3goQk5c/38uJaZLTcH4xYM2 DylQebgzEirtcndDBMDMu0SWYMTbk1PSdw07zEd34KugHn4yuXvrgX1DwDzTkBO6 CcNB9CMgx7WajRpJDxEu0kGDgYZwyWWLutsFY9yQOZYie7bsnoqYhaeDLKpu0m2I HHEWz48oE2ebJCsvA0DhscetNM1ABspC3Hqt3GsC9jaKYa0jzsCW9us6o9DCff0F 4J7mGkfTQVuua/iovW4maW6IcM+2Fzn+Vu/d3g+CZP96aMPm7ve2191guxAeH2jO KPyFhqkCBu16P4YqgVnvQSaOgIz+GWDPc1rZyJawoHdgiR+A7zuWnUhAfO9th/n8 Up1MtQTCTrCh56a1t2PlYLFI6GPja41Ya9QnNb0QT+4d8qH96f53XzUE2+dRb3R0 CDwAlL1HlITE20A+0Y/OVzKMOHaCylzBJ5her1rBNP/vBMEXWTItoSYvu/pYQzua l0wDedClZEiNEoZuSBIMjZtQh/x55oiqazEPl72FCeXqI7Ep+3tqbv7PbuZ+FZES 3OTq5WQOoMCW5fKMggReOmV34+LuEBjn2edlsD8HvYsdo+H7wpxbDTmwS9Hopnzg 550zVsQgt5Ufd+oEIGpD7UjazIORkbaRVOANucDARjifDjPtC4g8ltbPXFQ1BGiK PXZEv/zQMrk= =K5Bs -----END PGP SIGNATURE-----