-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0197
                               watchOS 3.1.3
                              24 January 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           watchOS
Publisher:         Apple
Operating System:  Mobile Device
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Unauthorised Access             -- Remote/Unauthenticated      
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-2370 CVE-2017-2363 CVE-2017-2360
                   CVE-2017-2352 CVE-2016-8687 CVE-2016-7663
                   CVE-2016-7662 CVE-2016-7660 CVE-2016-7659
                   CVE-2016-7658 CVE-2016-7657 CVE-2016-7651
                   CVE-2016-7644 CVE-2016-7643 CVE-2016-7637
                   CVE-2016-7636 CVE-2016-7627 CVE-2016-7626
                   CVE-2016-7621 CVE-2016-7619 CVE-2016-7616
                   CVE-2016-7615 CVE-2016-7612 CVE-2016-7607
                   CVE-2016-7606 CVE-2016-7595 CVE-2016-7594
                   CVE-2016-7591 CVE-2016-7589 CVE-2016-7588
                   CVE-2016-4693 CVE-2016-4691 CVE-2016-4688

Reference:         ESB-2016.2927.2

Original Bulletin: 
   https://support.apple.com/kb/HT201222

- --------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2017-01-23-3 watchOS 3.1.3

watchOS 3.1.3 is now available and addresses the following:

Accounts
Available for:  All Apple Watch models
Impact: Uninstalling an app did not reset the authorization settings
Description: An issue existed which did not reset the authorization
settings on app uninstall. This issue was addressed through improved
sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro

Audio
Available for:  All Apple Watch models
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent

Auto Unlock
Available for:  All Apple Watch models
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

CoreFoundation
Available for:  All Apple Watch models
Impact: Processing maliciously crafted strings may lead to an
unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher

CoreGraphics
Available for:  All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM

CoreMedia Playback
Available for:  All Apple Watch models
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories

CoreText
Available for:  All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk() of Tencent Security Platform
Department

Disk Images
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative

FontParser
Available for:  All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk() of Tencent Security Platform
Department

FontParser
Available for:  All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall@gmail.com

ICU
Available for:  All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: Andr Bargull

ImageIO
Available for:  All Apple Watch models
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team

IOHIDFamily
Available for:  All Apple Watch models
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz

IOKit
Available for:  All Apple Watch models
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: Chen Qin of Topsec Alpha Team (topsec.com), @cocoahuke
CVE-2016-7612: Ian Beer of Google Project Zero

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad

Kernel
Available for:  All Apple Watch models
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)

Kernel
Available for:  All Apple Watch models
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero

Kernel
Available for:  All Apple Watch models
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero

Kernel
Available for:  All Apple Watch models
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7644: Ian Beer of Google Project Zero

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero

libarchive
Available for:  All Apple Watch models
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher

libarchive
Available for:  All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo

Profiles
Available for:  All Apple Watch models
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)

Security
Available for:  All Apple Watch models
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: tan Leurent and Karthikeyan Bhargavan from INRIA
Paris

Security
Available for:  All Apple Watch models
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)

Security
Available for:  All Apple Watch models
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple

syslog
Available for:  All Apple Watch models
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero

WebKit
Available for:  All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple

WebKit
Available for:  All Apple Watch models
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWIalJYx+lLeg9Ub1AQgWxg//Sq525SYTrLQdNIHowL+HBuLhqYl4gK5Z
l4s83jSkpdJKMW3sRy4e9KkkmQncBQ/si7CVXn8trcwLYtRi6scEc0XPdwWwuTbP
8oqQLkLZjwXUFPrCdpFiFN5ONAdibzYaJLM+mCDiSLCSjtxwSP/9CziVsU17YWNW
/fWBoOVJwTNjEc7gm0OL2Hp6nrFoqlJuRJsS0+enwz1Pjt9FOL8XwA5gnh6xdbbL
HxlNs91DaieB41dqKmeDzcT7yMRgWzx2ilqAa/Y8zhZH4KBMnZHJFsUnX3sGxvxA
k1wL9W+C76auhjdQYATIvtE4IQUAmQYh4j3ZLNZ06e+aPypjBxUrDFNxEYcSLtes
wijXOzLbPnPKEl7gvIahkicWl6ifUNd5LLHqZHsTAMGkx4/fNIkyXXAU0AS6KVKL
g+IVH82bqPLZs1svpY9AYFGFwSTmG3mFLukkpUHMA4Cgh9Gus4igzAEZitGFmy9t
fEG4945E9nBADvaZ6ajWk+mCd65Ntg2D0shEw3lEjK4B0RxZRj8nB2KgE+cDnVkY
6BftfSjylJnJt4w9ehumRTk9FAKPjyPoKSgrMdkrpjT4Utz2MqyIENbp+4MHR/99
fQyiu5jOQ3TOSjezhzFUBPi4tFxts+UhTDNRJjfzUc8czPIS2RLvLiUTTdLrxq2J
hAokLsWfhJA=
=cn+Q
-----END PGP SIGNATURE-----