Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.3563 watchOS 8.7 21 July 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Apple Watch Series 3 Publisher: Apple Operating System: Apple iOS Resolution: Patch/Upgrade CVE Names: CVE-2022-32857 CVE-2022-32847 CVE-2022-32845 CVE-2022-32844 CVE-2022-32841 CVE-2022-32840 CVE-2022-32839 CVE-2022-32832 CVE-2022-32826 CVE-2022-32825 CVE-2022-32824 CVE-2022-32823 CVE-2022-32821 CVE-2022-32820 CVE-2022-32819 CVE-2022-32817 CVE-2022-32816 CVE-2022-32815 CVE-2022-32814 CVE-2022-32813 CVE-2022-32810 CVE-2022-32793 CVE-2022-32792 CVE-2022-32788 CVE-2022-32787 CVE-2022-26981 Original Bulletin: https://support.apple.com/HT213340 Comment: CVSS (Max): 5.5* CVE-2022-26981 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-6 watchOS 8.7 watchOS 8.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213340. APFS Available for: Apple Watch Series 3 and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleAVD Available for: Apple Watch Series 3 and later Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow issue was addressed with improved bounds checking. CVE-2022-32788: Natalie Silvanovich of Google Project Zero AppleAVD Available for: Apple Watch Series 3 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) AppleMobileFileIntegrity Available for: Apple Watch Series 3 and later Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for devices with Apple Neural Engine: Apple Watch Series 4 and later Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Audio Available for: Apple Watch Series 3 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: Apple Watch Series 3 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) CoreText Available for: Apple Watch Series 3 and later Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: Apple Watch Series 3 and later Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: Apple Watch Series 3 and later Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: Apple Watch Series 3 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) ICU Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 Kernel Available for: Apple Watch Series 3 and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: Apple Watch Series 3 and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: Apple Watch Series 3 and later Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0) Liblouis Available for: Apple Watch Series 3 and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: Apple Watch Series 3 and later Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: Apple Watch Series 3 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Multi-Touch Available for: Apple Watch Series 3 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Software Update Available for: Apple Watch Series 3 and later Impact: A user in a privileged network position can track a userâ\x{128}\x{153}s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) WebKit Available for: Apple Watch Series 3 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative Wi-Fi Available for: Apple Watch Series 3 and later Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Additional recognition AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p rhjSsg//XnukSPtKHk58IOSkcWaTk0WdrYv2+dGbdgkcPBgO2ehNQqk1xI3LDHLN b6A5MMaoR4ityTEC+i4XFWxVJNfzXFa1SHMiht1uJDtaNCc2F+VIP+EZJx2KYe7H O8F0g9lF33hQE3xDjrwtPe+7wYjfzgDX8iCbsfaNDPAWBq0BfNA8/4bv5GzPaPC4 qcP+W9IRb11yAzlnCEgJNhMB0SLwtzpcUYLKcJbPdilABeYe08CLIIVAw2vKI1Kk J7sk/ZiGKnB1ZHa+fl17ahApKkLePnFtHR9rMseEpyRbPa7EvomZxUQoLvbaDf+Q gRqtysAw8oxfhetorvDFwAem3eCRdgJ/T/0U6jC+4dfHzVnGxV27K/PgF3GWRDU5 trPVZ0cu8qdzgNAwSuRHTxTg923FN7cR14NL66TkGZ1d/VKfn1l0h1wctoPOhHPR zWJi5P8WbprG1XVWNx+aJYW09VIMsujJrrGQSn78o6gXOR2salEDiCs2JixKZnqK CV4+uGQIiE8bD0oA1B1uFQiPx3XtgOY92QQl8Jnn/7Xa6QQ0hq/3NmDN66RzO78S I4pH4Vt/L0LNoArGMCrO4URpLiQx5Au0niH5+jbvHyWr1Bm3Y+dMRP1yds3aLQ0Q 16FIrWStzY+cnmOXQKczTIiaJYuSMjCOQicLuWx/q2ghfLCJ16E= =6Uj+ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYtj6T8kNZI30y1K9AQhF1A/+JvSQ81JC1VbjIHsIi5YMvFICDhR6AjDv CCcd9YyXLsXz91M//7JdvSpyIRW4bjdt4p5tWgTEMBDE0GKWhEGCqAXhxQUUglOc nfRNAtQ2sPoyUSqsVYXE9+4ktvTOIHD026Pe9qWIksY4TYTDNMWiI0gQ27a2cjY3 6xaQ0gof3uZa5YoT/RckE8qq8wFbptOPG86LNxyOWzlnjyf1jeJZI9t3Z4BLcN+d 6beDOM+VY0jO5CmGq8XFaDZ475fBzyVM3TAUQMjLKcyC5cHCGEwBYMhtuY4/XbxM 7dOCpst7B2SSHOj/kJzf2jV9PKJIREjvsgk+uy8sgiss88LXKgR4j07N7WQsscf6 1KxWUKUvnjZT5UZWkL1q1j7V7/GyzG1NVv+k8099HdhAE0i98rSXyxhdD3svnfi3 VIaRGuRpg7DfbcwBtf6qKfJYuUVBCqkyNCHsOhi0EvK7kTL3oyylPMtpuXMozvFY K3xWxqYY/OL3q3tGMRkV0gYlS2f1G6cJZwsxXvZ7dyanVqwRJKGJumpHwIoPQ0Oq 7KAOYJzq+lN7CkRWTNu5yOBH3WEqP/Z5z3yyVawVjFlhJGNCCCOH7GWeeKv2otSB +WIZ5bcVXrVMnXZOtst/3UIT/l6KFaxe7inEIlkXUvFklCubuWpn/2jQo4C6Xfah iqqnoqApR68= =77S9 -----END PGP SIGNATURE-----