-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2015.3074
watchOS 2.1
9 December 2015

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Apple Watch
Publisher:         Apple
Operating System:  Mobile Device
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7113 CVE-2015-7112 CVE-2015-7111
                   CVE-2015-7105 CVE-2015-7084 CVE-2015-7083
                   CVE-2015-7075 CVE-2015-7073 CVE-2015-7072
                   CVE-2015-7068 CVE-2015-7066 CVE-2015-7064
                   CVE-2015-7061 CVE-2015-7060 CVE-2015-7059
                   CVE-2015-7054 CVE-2015-7053 CVE-2015-7047
                   CVE-2015-7046 CVE-2015-7043 CVE-2015-7042
                   CVE-2015-7041 CVE-2015-7040 CVE-2015-7039
                   CVE-2015-7038 CVE-2015-7001 CVE-2015-6997
                   CVE-2015-6979 CVE-2015-6978 CVE-2011-2895

Reference:         ESB-2015.2652

Original Bulletin:
   https://support.apple.com/kb/HT205641

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-4 watchOS 2.1

watchOS 2.1 is now available and addresses the following:

AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application may maintain access to Contacts after having access revoked
Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt

Compression
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team

CoreMedia Playback
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of malformed media files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7075

dyld
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A segment validation issue existed in dyld. This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple

FontParser
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of font files.
These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative

GasGauge
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6979 : PanguTeam

ImageIO
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple

IOHIDFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero

IOKit SCSI
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero

Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)

Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero

Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero

LaunchServices
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association

libarchive
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift

libc
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)

OpenGL
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

Sandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple

Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.

Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1 decoder.
These issues were addressed through improved input validation.
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google

Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag.
CVE-ID
CVE-2015-6997 : Apple

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----