ESB-2017.1776 - [Apple iOS] watchOS: Multiple vulnerabilities 2017-07-20

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1776
                               watchOS 3.2.2
                               20 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           watchOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Root Compromise                 -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-9417 CVE-2017-7069 CVE-2017-7068
                   CVE-2017-7063 CVE-2017-7062 CVE-2017-7047
                   CVE-2017-7029 CVE-2017-7028 CVE-2017-7027
                   CVE-2017-7026 CVE-2017-7025 CVE-2017-7024
                   CVE-2017-7023 CVE-2017-7022 CVE-2017-7013
                   CVE-2017-7009  

Reference:         ESB-2017.1686
                   ESB-2017.1685

Original Bulletin: 
   https://support.apple.com/kb/HT204641

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-3 watchOS 3.2.2

watchOS 3.2.2 is now available and addresses the following:

Contacts
Available for:  All Apple Watch models
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

IOUSBFamily
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7022: an anonymous researcher
CVE-2017-7024: an anonymous researcher
CVE-2017-7026: an anonymous researcher

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7023: an anonymous researcher
CVE-2017-7025: an anonymous researcher
CVE-2017-7027: an anonymous researcher
CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7028: an anonymous researcher
CVE-2017-7029: an anonymous researcher

libarchive
Available for:  All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-7068: found by OSS-Fuzz

libxml2
Available for:  All Apple Watch models
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7013: found by OSS-Fuzz

libxpc
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7047: Ian Beer of Google Project Zero

Messages
Available for:  All Apple Watch models
Impact: A remote attacker may cause an unexpected application
termination
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7063: Shashank (@cyberboyIndia)

Wi-Fi
Available for:  All Apple Watch models
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
