Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.3074
watchOS 2.1
9 December 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Apple Watch
Publisher: Apple
Operating System: Mobile Device
Impact/Access: Root Compromise -- Remote with User Interaction
Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-7113 CVE-2015-7112 CVE-2015-7111
CVE-2015-7105 CVE-2015-7084 CVE-2015-7083
CVE-2015-7075 CVE-2015-7073 CVE-2015-7072
CVE-2015-7068 CVE-2015-7066 CVE-2015-7064
CVE-2015-7061 CVE-2015-7060 CVE-2015-7059
CVE-2015-7054 CVE-2015-7053 CVE-2015-7047
CVE-2015-7046 CVE-2015-7043 CVE-2015-7042
CVE-2015-7041 CVE-2015-7040 CVE-2015-7039
CVE-2015-7038 CVE-2015-7001 CVE-2015-6997
CVE-2015-6979 CVE-2015-6978 CVE-2011-2895
Reference: ESB-2015.2652
Original Bulletin:
https://support.apple.com/kb/HT205641
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-4 watchOS 2.1
watchOS 2.1 is now available and addresses the following:
AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Compression
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
malformed media files. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7075
dyld
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A segment validation issue existed in dyld. This was
addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
FontParser
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero
Day Initiative
GasGauge
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6979 : PanguTeam
ImageIO
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
LaunchServices
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
OpenGL
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Sandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-6997 : Apple
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRUAAoJEBcWfLTuOo7tDFcP/0eMRtPiazqLeAvYEhbHBBYX
K9T4vuY0ridD8lmoOPIEjcZnlx2VfZJIeUlgRoWBi1gm5Hi9UoR/17wCSJBUK7an
EwcR2zlwEwZK3Vb64ogyAr3CkV0646nMyTiBRoZT+vz/zTRxxh/7yxcGE0kc6h2m
1w4uiljcU/1DzMNbjWz7+TSOKRJLilumf2kzvRGS5WPRs/WN1xJ6bGA5aiY9+M0R
7QbgnTsLVU58jmo1iIJDGLUyQ/7iF+kALZa+IozKRXJjbrq31qkheGSMCquUgDQT
3MkNbMl+UwZQdWuUswjp/ZYZ1EJ3e1AFNKVwv4f79DpBDViquq9g13agnCExhvvK
ByrCwL41emEwQ0rVZdtmfneCrTsUfWGkM4BSAcSLJAmsJ/H9gP/J11x8MK4qkd+q
Xl4YKJtRE1ovkRlxpKQbJL14yXIXVXMCdXhwkU6HlyxX3qOw8Gop0/2AXuBIup7Q
4idJ+JJyLjv6mYL3CtgWh+D6HVpRSS2DeKjHP33F8qMNaD0zjjlx1qQ2MZ42gwI4
4g5gGHWaq9q4fCLdbIvfHdeeU54Xb8Q/rJ2CMuE3y0q7BzYzToJFt8xE5+kw1d+x
3Cfc2clhT7YJdg2i4JtakbAAGMybx2IqfO2Zjc2GIGPuZGUSxQKUFgtmfJDR0/4e
Zgl367oS5NsHOKYGx4cn
=gPGz
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVmfEkn6ZAP0PgtI9AQL7wg//bMdNDkIiULFnTNbTQRFfqPqbESIgexkn
gkMhbPAoKdKXlLNmxX4bQvazav8ejzfFCZ8ZHkL/bwMN4ocYDRSQvOa1PETol9c8
jvCu2rcT5xhRgd3uLsu2GXLui1sRE8QLaDPAH+AypCzpFWRdFapQoKr3bwxrNx9B
hPwiV9UnlBc69ylZsqNzpBUd7YxDwyuDd6AqGZAKkRhZAPg05GMYMxkMn6BpkjPB
bu07Kcfnz5EDJ81O7cv3foRlzPKmPXXdOaFU0dF9uNaavi5LQHrin2Lg3D4u7F/L
CuLGDVZHu2Ni7NeHuRGHUdBXBGI3vQlXbVq63XiRAAksqShRpOZFJjtdmt8mIDh7
RfjA8R3lcPyRsohLCyddU4U2qGGJrBUg2oYHwAb7ZlzInGI2UUH+GMZhkUDhj1zx
f+sEv6RBGeOmfsVFXP+jPR8OnTCDkeb2M8cXyx/DJ/bMtwpqDF+RzzEaahki72jw
29S6ix2I++Cx9lwfTPOc7S0XbCYrtiOTT4q8akZ9q3IWbMCGhddXUcnMBykJG+8/
K7GeupREEpcYtv40jFUHDruvYA5Z+l8jTBI3QdqlGMwDGvuZjIJEVzy2suAVl7QD
nr/V/kDK5saygXfQ9Zv69s1OO6Rq6Sb5yqebx6q7CEKdtZUDZUpydlwXsfZmaytW
MOgVw89Rvm4=
=VmGz
-----END PGP SIGNATURE-----