-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4628
                               watchOS 6.1.1
                             11 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple watchOS
Publisher:         Apple
Operating System:  Mobile Device
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15903 CVE-2019-8856 CVE-2019-8848
                   CVE-2019-8844 CVE-2019-8838 CVE-2019-8836
                   CVE-2019-8833 CVE-2019-8832 CVE-2019-8830
                   CVE-2019-8828  

Original Bulletin: 
   https://support.apple.com/kb/HT201222

- --------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2019-12-10-8 watchOS 6.1.1

watchOS 6.1.1 is now available and addresses the following:

CallKit
Available for: Apple Watch Series 1 and later
Impact: Calls made using Siri may be initiated using the wrong
cellular plan on devices with two active plans
Description: An API issue existed in the handling of outgoing phone
calls initiated with Siri. This issue was addressed with improved
state handling.
CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL

CFNetwork Proxies
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team

FaceTime
Available for: Apple Watch Series 1 and later
Impact: Processing malicious video via FaceTime may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8830: Natalie Silvanovich of Google Project Zero

IOUSBDeviceFamily
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8833: Ian Beer of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8828: Cim Stordal of Cognite
CVE-2019-8838: Dr Silvio Cesare of InfoSect

libexpat
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted XML file may lead to disclosure
of user information
Description: This issue was addressed by updating to expat version
2.2.8.
CVE-2019-15903: Joonun Jang

Security
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8832: Insu Yun of SSLab at Georgia Tech

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8844: William Bowling (@wcbowling)

Additional recognition

Accounts
We would like to acknowledge Kishan Bagaria (KishanBagaria.com) and
Tom Snelling of Loughborough University for their assistance.

Core Data
We would like to acknowledge Natalie Silvanovich of Google Project
Zero for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

- ----------------------------------------------------------------------------

APPLE-SA-2019-12-10-4 watchOS 5.3.4

watchOS 5.3.4 is now available and addresses the following:

FaceTime
Available for: Apple Watch Series 1, Apple Watch Series 2, Apple
Watch Series 3, and Apple Watch Series 4 when paired to a device with
iOS 12 installed
Impact: Processing malicious video via FaceTime may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8830: Natalie Silvanovich of Google Project Zero

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

- --------------------------END INCLUDED TEXT--------------------
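As an added example (it is not part of Apple's advisories above nor AusCERT's bulletin), the following Python script turns the two fix lists into a fleet compliance check: given each watch's reported version, it reports which of the ten CVEs in this bulletin the installed release does not list as addressed, so that a device left on 5.3.4 is correctly shown as covered for CVE-2019-8830 only. The inventory is constructed sample data. Two rules are assumptions of this example rather than statements in the advisories: a listed release vouches only for devices on the same major line at or above it (5.3.4 says nothing about 6.0), and a major line newer than any listed release is taken to inherit the newest listed fixes.

```python
"""Fleet check against APPLE-SA-2019-12-10-8 (watchOS 6.1.1) and
APPLE-SA-2019-12-10-4 (watchOS 5.3.4). Added example, not Apple's or
AusCERT's code; the inventory below is constructed sample data."""
from typing import Dict, List, Set, Tuple

Version = Tuple[int, int, int]

# Fix lists transcribed from the two advisories above.
FIXED_IN: Dict[Version, Set[str]] = {
    (6, 1, 1): {
        "CVE-2019-8856", "CVE-2019-8848", "CVE-2019-8830", "CVE-2019-8836",
        "CVE-2019-8833", "CVE-2019-8828", "CVE-2019-8838", "CVE-2019-15903",
        "CVE-2019-8832", "CVE-2019-8844",
    },
    (5, 3, 4): {"CVE-2019-8830"},
}
ALL_CVES: Set[str] = set().union(*FIXED_IN.values())


def parse_version(text: str) -> Version:
    """Parse '6.1' or '5.3.4' into a comparable 3-tuple, padding with zeros."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return (nums + (0, 0, 0))[:3]  # type: ignore[return-value]


def addressed_cves(installed: Version) -> Set[str]:
    """CVEs the bulletin lists as fixed for this installed version.

    Assumption (not stated by Apple): a fix release vouches only for
    devices on the same major line at or above it, and a major line newer
    than any listed release inherits the newest listed fix set.
    """
    latest = max(FIXED_IN)
    if installed[0] > latest[0]:
        return set(FIXED_IN[latest])
    fixed: Set[str] = set()
    for release, cves in FIXED_IN.items():
        if release[0] == installed[0] and installed >= release:
            fixed |= cves
    return fixed


def outstanding(installed_text: str) -> List[str]:
    """Sorted CVEs from this bulletin not addressed by the installed version."""
    return sorted(ALL_CVES - addressed_cves(parse_version(installed_text)))


# Constructed sample inventory: (device name, reported watchOS version).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("watch-ops-01", "6.1.1"),
    ("watch-ops-02", "6.1"),
    ("watch-legacy-07", "5.3.4"),
    ("watch-legacy-09", "5.3.3"),
]


def report(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each device to the CVEs still outstanding on it."""
    return {name: outstanding(version) for name, version in inventory}


if __name__ == "__main__":
    for name, missing in report(SAMPLE_INVENTORY).items():
        status = "OK" if not missing else f"{len(missing)} CVE(s) unaddressed"
        print(f"{name}: {status}")
```

Feed `report()` the version strings collected from "My Watch > General > About" (or from an MDM export) to see which devices still need the 6.1.1 update rather than only the FaceTime fix in 5.3.4.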

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----