===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1234
                    APPLE-SA-2016-05-16-3 watchOS 2.2.1
                                17 May 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           watchOS
Publisher:         Apple
Operating System:  Mobile Device
Impact/Access:     Root Compromise        -- Remote with User Interaction
                   Access Privileged Data -- Remote with User Interaction
                   Denial of Service      -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1847 CVE-2016-1842 CVE-2016-1841
                   CVE-2016-1840 CVE-2016-1839 CVE-2016-1838
                   CVE-2016-1837 CVE-2016-1836 CVE-2016-1834
                   CVE-2016-1833 CVE-2016-1832 CVE-2016-1830
                   CVE-2016-1829 CVE-2016-1828 CVE-2016-1827
                   CVE-2016-1824 CVE-2016-1823 CVE-2016-1819
                   CVE-2016-1818 CVE-2016-1817 CVE-2016-1813
                   CVE-2016-1811 CVE-2016-1808 CVE-2016-1807
                   CVE-2016-1803 CVE-2016-1802 

Reference:         ESB-2016.1232

Original Bulletin: 
   https://support.apple.com/en-au/HT206566

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2016-05-16-3 watchOS 2.2.1

watchOS 2.2.1 is now available and addresses the following:

CommonCrypto
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  A malicious application may be able to leak sensitive user
information
Description:  An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig

CoreCapture
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro's Zero Day Initiative

Disk Images
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  A local attacker may be able to read kernel memory
Description:  A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero

Disk Images
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro

ImageIO
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Processing a maliciously crafted image may lead to a denial
of service
Description:  A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)

IOAcceleratorFamily
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of Trend Micro

IOAcceleratorFamily
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption vulnerability was addressed through
improved locking.
CVE-ID
CVE-2016-1819 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero

IOHIDFamily
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent

Kernel
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad

libc
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description:  A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson

libxml2
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany

libxslt
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt

MapKit
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  An attacker in a privileged network position may be able to
leak sensitive user information
Description:  Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)

OpenGL
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================