Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2479
watchOS 3.1
25 October 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: watchOS
Publisher: Apple
Operating System: Mobile Device
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Remote with User Interaction
Modify Arbitrary Files -- Remote with User Interaction
Denial of Service -- Existing Account
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-4680 CVE-2016-4679 CVE-2016-4675
CVE-2016-4673 CVE-2016-4669 CVE-2016-4665
CVE-2016-4664 CVE-2016-4660
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-10-24-5 watchOS 3.1
watchOS 3.1 is now available and addresses the following:
CoreGraphics
Available for: All Apple Watch models
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FontParser
Available for: All Apple Watch models
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: All Apple Watch models
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: All Apple Watch models
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: All Apple Watch models
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Sandbox Profiles
Available for: All Apple Watch models
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
System Boot
Available for: All Apple Watch models
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYDlqaAAoJEIOj74w0bLRGL0cP/jI73SMnntaD+ciaupPvKqci
kyNAjI/pG7SEVbAlXA+stcVA38lk8MX40AaLdMaU9tx9WBc7XplCnC37F6Z5+Db0
+9yZXUi9WtTH2gc11Sbxi2OSQn0R7JA+fos47VQ7xFfppVmjP99ie55xoY4d1ksv
ocrsFNfonTTYypaFNPbCPxXfqXFv1zBb7+xe2pioHs/XJYLq8pR/hItfFoQFWFIU
5X+O2ih0/8a0xiGcwI9hSk6OCgb+tVId50FWcG5/6u6p5rshGVMpt/Foo16aLEC1
vGG0DOAaPJS9ESiG40z+kSUMk44D2sNKDdPf2mq3e9DUF58DXn2/KB8uggiU/jZ+
Dj7HjMkQKiQSu5FwvIwNap0W4TMIft6PfR9LiixAxCYux4dY9mOts8lsqCQzAr/3
9aQsIYEnNCEf1KM6CDDNGJCUmC0DGxMz9bqmU/shLxtq4gVCK4l8zbBUfcgpdN6u
xl3EDvzaR5VAvrJdPaF0mZj+L5/5lUslrYc5BSO14jgLc4bjZpXKC9EC8FsXFG9T
ytLh6/oga2NPzf+Mn8lpdUxYQl4HvASexnEmVhTxuYpwroesBKuy5C/C9B9wNPTq
GYbAttd2hPKc+BRay5ddv0XWlfnTwLV6e+mn6jEHqwaUvvR+d3+eIB1/NIQ30qEp
An4j1PJOV0RO473aVuZw
=NsnX
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWA60JYx+lLeg9Ub1AQh5vQ//TFO1pu05u+OKujoeGoKI8RqlL2ebAZl2
aafwNahJVANZmtH409XVCMrYYrwJj9oPIvodTC9LC77Hpt+cs/FNYw7j7AhL+IW+
hQf8mPHhV0nXeybF3WOPKsVPqnJ/bu7uCL4CmPf0Fbk/KmAsy4n7g99rkGY2ytfB
pTaxiEvxlsVeVQ8IQR4RvdquG9IjBHIMKzobLdcWKSJ1vek+q7Nlk6q7GMZVWzks
cZRE5EqgjSptclcUDryPph4ZyvOFcpzx78hB8PixP+3N81AmqlD8jRn/rQ6QCAA+
wkUiW7Sci9BmWD3MS2khiVTB3IqkxybSK9VETrFBhCqsbNlkQAHvmVslo/JNKJfK
SGhyfO19IK4cKqgB96SGV9TrM2SDo948xcCWuRQmM/u+6dwb8s4IVf5z5dEPKrnq
l1eiikIaX0Aloyb6FRfCoHXJE27AivhZ5Lumta/1/O3mX6lIghzr06maJaAzZV8H
TEUeMRkLg2+qXtdEjYQQt1Cxij1JhahjvI5NZG7w5WY+HrrHR7W0jap5dYh65azQ
h1bZj6scL0IHKQOV9oCf52waJF1KPo5WcVr7XlmW+bJNEW5BAN7Ng3Oh1+A4i/tY
o/3jVWJ9o0qRTzMKxc6ct9Js3KjqhdzwM5CCYjRyPAf3LoV0m2qbxlMRtCBfW/+t
UzMPUSZfBcM=
=NGvz
-----END PGP SIGNATURE-----