Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1234 APPLE-SA-2016-05-16-3 watchOS 2.2.1 17 May 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS Publisher: Apple Operating System: Mobile Device Impact/Access: Root Compromise -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-1847 CVE-2016-1842 CVE-2016-1841 CVE-2016-1840 CVE-2016-1839 CVE-2016-1838 CVE-2016-1837 CVE-2016-1836 CVE-2016-1834 CVE-2016-1833 CVE-2016-1832 CVE-2016-1830 CVE-2016-1829 CVE-2016-1828 CVE-2016-1827 CVE-2016-1824 CVE-2016-1823 CVE-2016-1819 CVE-2016-1818 CVE-2016-1817 CVE-2016-1813 CVE-2016-1811 CVE-2016-1808 CVE-2016-1807 CVE-2016-1803 CVE-2016-1802 Reference: ESB-2016.1232 Original Bulletin: https://support.apple.com/en-au/HT206566 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2016-05-16-3 watchOS 2.2.1 watchOS 2.2.1 is now available and addresses the following: CommonCrypto Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig CoreCapture Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro's Zero Day Initiative Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire) IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed through improved locking. CVE-ID CVE-2016-1819 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1813 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1823 : Ian Beer of Google Project Zero CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1827 : Brandon Azad CVE-2016-1828 : Brandon Azad CVE-2016-1829 : CESG CVE-2016-1830 : Brandon Azad libc Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1832 : Karl Williamson libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1833 : Mateusz Jurczyk CVE-2016-1834 : Apple CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1838 : Mateusz Jurczyk CVE-2016-1839 : Mateusz Jurczyk CVE-2016-1840 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1841 : Sebastian Apelt MapKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links. CVE-ID CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak) OpenGL Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVzqkrn6ZAP0PgtI9AQJDoBAAj/P4Y/xMEpuYfkGkGN5qJOADcXxxSB/4 BHMxzfDeNEtpDOEd6bYyKPHX0263dY/MYH+3ZcSivJdAkd/qethhrtRRER0SZiio 7faU9sB8dNcKgnWCPj6pUVQh7b2lER3Bn2vj4YXfrlLqWbLGigej4LQ+M+CDwFK6 YjufkqFywzHtLTRFxpi95ql350cOQSlztPNGvLl+Hn0SaSbJ/m6uX3X7U/gqT1AK oe0WPJlIc4zRBHtNRM0b/lNSBeSYtcON4cp4J8UkbiEF0s0iZE4kQd7xzlkEl3lH ZlN22MqNLaK/eaI6yHSM+zQaxGXDTcoq9zL1tzISlE2VjXxOpUkLPj2mO1sMAqzw tVkxoingx53hmhPTm4yGkIsUauzNMq83n93NbtWnMUapipAvCQoFxiZHyW9UYvkx BlIC+i2pu9IvHuTshfYai+tMInyLGdMoHlElOdEpH1GebLgw6tqsZS1cj2ESn71Q CAsydzGLAksqAJuwyPwg5v3EtHVBKk1rZ/PK1sGTWY5obc1wUXOQVux5BWFE8CDS 0Rq9iLuVSRTozWlPIbRdsj3KYHNkzDl1xwpRkpcUrXzEDGKz3u+7OiVErNn9+Xzb NtRakIipu0lCPMgy82rSQOzjT2l9aKWMNGP7YNm77s1hWpgbY+4cvqHRtk5PwEnq EHgNawtWTDU= =Bm3r -----END PGP SIGNATURE-----