Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0197 watchOS 3.1.3 24 January 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS Publisher: Apple Operating System: Mobile Device Impact/Access: Root Compromise -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-2370 CVE-2017-2363 CVE-2017-2360 CVE-2017-2352 CVE-2016-8687 CVE-2016-7663 CVE-2016-7662 CVE-2016-7660 CVE-2016-7659 CVE-2016-7658 CVE-2016-7657 CVE-2016-7651 CVE-2016-7644 CVE-2016-7643 CVE-2016-7637 CVE-2016-7636 CVE-2016-7627 CVE-2016-7626 CVE-2016-7621 CVE-2016-7619 CVE-2016-7616 CVE-2016-7615 CVE-2016-7612 CVE-2016-7607 CVE-2016-7606 CVE-2016-7595 CVE-2016-7594 CVE-2016-7591 CVE-2016-7589 CVE-2016-7588 CVE-2016-4693 CVE-2016-4691 CVE-2016-4688 Reference: ESB-2016.2927.2 Original Bulletin: https://support.apple.com/kb/HT201222 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2017-01-23-3 watchOS 3.1.3 watchOS 3.1.3 is now available and addresses the following: Accounts Available for: All Apple Watch models Impact: Uninstalling an app did not reset the authorization settings Description: An issue existed which did not reset the authorization settings on app uninstall. This issue was addressed through improved sanitization. CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro Audio Available for: All Apple Watch models Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent Auto Unlock Available for: All Apple Watch models Impact: Auto Unlock may unlock when Apple Watch is off the user's wrist Description: A logic issue was addressed through improved state management. CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd CoreFoundation Available for: All Apple Watch models Impact: Processing maliciously crafted strings may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking. CVE-2016-7663: an anonymous researcher CoreGraphics Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to unexpected application termination Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM CoreMedia Playback Available for: All Apple Watch models Impact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7588: dragonltx of Huawei 2012 Laboratories CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-7595: riusksk() of Tencent Security Platform Department Disk Images Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-4691: riusksk() of Tencent Security Platform Department FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4688: Simon Huang of Alipay company, thelongestusernameofall@gmail.com ICU Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7594: Andr Bargull ImageIO Available for: All Apple Watch models Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team IOHIDFamily Available for: All Apple Watch models Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7591: daybreaker of Minionz IOKit Available for: All Apple Watch models Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day Initiative Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-7606: Chen Qin of Topsec Alpha Team (topsec.com), @cocoahuke CVE-2016-7612: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to read kernel memory Description: An insufficient initialization issue was addressed by properly initializing memory returned to user space. CVE-2016-7607: Brandon Azad Kernel Available for: All Apple Watch models Impact: A local user may be able to cause a system denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2016-7615: The UK's National Cyber Security Centre (NCSC) Kernel Available for: All Apple Watch models Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A use after free issue was addressed through improved memory management. CVE-2016-7621: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: A local user may be able to gain root privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7637: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7644: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2370: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2360: Ian Beer of Google Project Zero libarchive Available for: All Apple Watch models Impact: A local attacker may be able to overwrite existing files Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2016-7619: an anonymous researcher libarchive Available for: All Apple Watch models Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2016-8687: Agostino Sarubbo of Gentoo Profiles Available for: All Apple Watch models Impact: Opening a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation. CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com) Security Available for: All Apple Watch models Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher. CVE-2016-4693: tan Leurent and Karthikeyan Bhargavan from INRIA Paris Security Available for: All Apple Watch models Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate. CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com) Security Available for: All Apple Watch models Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates. CVE-2016-7662: Apple syslog Available for: All Apple Watch models Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7660: Ian Beer of Google Project Zero WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved state management. CVE-2016-7589: Apple WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2363: lokihardt of Google Project Zero Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWIalJYx+lLeg9Ub1AQgWxg//Sq525SYTrLQdNIHowL+HBuLhqYl4gK5Z l4s83jSkpdJKMW3sRy4e9KkkmQncBQ/si7CVXn8trcwLYtRi6scEc0XPdwWwuTbP 8oqQLkLZjwXUFPrCdpFiFN5ONAdibzYaJLM+mCDiSLCSjtxwSP/9CziVsU17YWNW /fWBoOVJwTNjEc7gm0OL2Hp6nrFoqlJuRJsS0+enwz1Pjt9FOL8XwA5gnh6xdbbL HxlNs91DaieB41dqKmeDzcT7yMRgWzx2ilqAa/Y8zhZH4KBMnZHJFsUnX3sGxvxA k1wL9W+C76auhjdQYATIvtE4IQUAmQYh4j3ZLNZ06e+aPypjBxUrDFNxEYcSLtes wijXOzLbPnPKEl7gvIahkicWl6ifUNd5LLHqZHsTAMGkx4/fNIkyXXAU0AS6KVKL g+IVH82bqPLZs1svpY9AYFGFwSTmG3mFLukkpUHMA4Cgh9Gus4igzAEZitGFmy9t fEG4945E9nBADvaZ6ajWk+mCd65Ntg2D0shEw3lEjK4B0RxZRj8nB2KgE+cDnVkY 6BftfSjylJnJt4w9ehumRTk9FAKPjyPoKSgrMdkrpjT4Utz2MqyIENbp+4MHR/99 fQyiu5jOQ3TOSjezhzFUBPi4tFxts+UhTDNRJjfzUc8czPIS2RLvLiUTTdLrxq2J hAokLsWfhJA= =cn+Q -----END PGP SIGNATURE-----