ESB-2017.2766 - [Mobile] Apple Watch: Multiple vulnerabilities 2017-11-01


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2766
                                watchOS 4.1
                              1 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple Watch
Publisher:         Apple
Operating System:  Mobile Device
Impact/Access:     Root Compromise                -- Remote with User Interaction
                   Access Privileged Data         -- Remote/Unauthenticated      
                   Modify Arbitrary Files         -- Remote with User Interaction
                   Denial of Service              -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13849 CVE-2017-13804 CVE-2017-13799
                   CVE-2017-13080  

Reference:         ESB-2017.2638
                   ESB-2017.2620
                   ESB-2017.2600
                   ESB-2017.2599

Original Bulletin: 
   https://support.apple.com/en-au/HT208220

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-4 watchOS 4.1

watchOS 4.1 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-13849: Ro of SavSec

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13799: an anonymous researcher

StreamingZip
Available for: All Apple Watch models
Impact: A malicious zip file may be able to modify restricted areas of
the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
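The StreamingZip entry above names a path-handling issue fixed with improved validation. The following is an added example, not Apple's code and not taken from this bulletin: a small Python extractor that shows what such validation looks like in practice, rejecting entry names that are absolute, carry a drive letter, or normalise to a `..` segment, and then re-checking the resolved target against the destination directory before writing. The archive contents, the function names and the entry names are all constructed for this example.

```python
import io
import os
import posixpath
import tempfile
import zipfile


def is_safe_member(name):
    """True if a zip entry name, taken on its own, cannot escape the extraction root.

    Rejects empty names, absolute paths, Windows drive specs and backslashes,
    and any '..' segment that survives normalisation.
    """
    if not name or name.startswith("/") or "\\" in name:
        return False
    if len(name) > 1 and name[1] == ":":            # e.g. "C:evil.txt"
        return False
    normalised = posixpath.normpath(name)
    return ".." not in normalised.split("/")


def classify_members(zip_bytes):
    """Map each entry name in the archive to whether it passes the name check."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: is_safe_member(info.filename) for info in zf.infolist()}


def safe_extract(zip_bytes, dest):
    """Extract entries into dest, skipping any whose resolved path leaves dest.

    The name check runs first; the resolved target is then compared with the
    resolved destination as a second, filesystem-level guard.
    """
    dest_real = os.path.realpath(dest)
    extracted = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename):
                continue
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(os.path.relpath(target, dest_real).replace(os.sep, "/"))
    return sorted(extracted)


def build_sample_zip():
    """Constructed archive mixing benign entries with traversal-shaped names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("good/a.txt", "benign")
        zf.writestr("sub/../ok.txt", "normalises to ok.txt, stays inside dest")
        zf.writestr("../evil.txt", "would land one level above dest")
        zf.writestr("/abs.txt", "absolute path")
        zf.writestr("sub/../../x.txt", "escapes after normalisation")
    return buf.getvalue()


def demo_extract():
    """Extract the sample archive into a fresh temp dir and return what was written."""
    dest = tempfile.mkdtemp()
    return safe_extract(build_sample_zip(), dest)


if __name__ == "__main__":
    for name, ok in classify_members(build_sample_zip()).items():
        print(f"{'accept' if ok else 'reject':6}  {name}")
    print("extracted:", demo_extract())
```

Two layers are deliberate: the name check catches the obvious shapes cheaply, and the `realpath`/`commonpath` comparison catches anything the name check did not anticipate, including a destination that already contains a symlink pointing elsewhere.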

Wi-Fi
Available for: Apple Watch Series 1 and Apple Watch Series 2
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
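The Wi-Fi entry above describes a logic issue in state transitions that let a client reuse a nonce. The following is an added toy model, written for this page and not Apple's or any Wi-Fi stack's implementation: it keeps only the two pieces of client state the description turns on, the installed key and the per-key packet number, and contrasts a client that reinstalls an already-installed key (resetting the counter) with one that ignores the repeated message. Class and function names, the key label and the frame counts are constructed for the example; no real frame formats are modelled.

```python
class WpaClientKeyState:
    """Toy model (constructed for this example) of a client's PTK installation logic.

    Only the behaviour the advisory describes is modelled: what the client does
    when message 3 of the 4-way handshake arrives, and what happens to the
    per-key packet number (the nonce) when the same message arrives again.
    """

    def __init__(self, ignore_retransmit_of_installed_key):
        self.ignore_retransmit = ignore_retransmit_of_installed_key
        self.installed_ptk = None
        self.packet_number = 0    # per-key nonce; must never repeat under one key

    def on_message3(self, ptk):
        """Handle message 3; return True if a key was (re)installed."""
        if self.ignore_retransmit and self.installed_ptk == ptk:
            return False          # patched behaviour: key already installed, do nothing
        self.installed_ptk = ptk
        self.packet_number = 0    # installing a key starts the counter over
        return True

    def protect_frame(self):
        """Return the (key, nonce) pair that would protect the next outgoing frame."""
        self.packet_number += 1
        return (self.installed_ptk, self.packet_number)


def nonce_reuse_under(ignore_retransmit_of_installed_key, frames_per_phase=3):
    """Deliver message 3 twice with the same PTK and report any (key, nonce) reuse."""
    client = WpaClientKeyState(ignore_retransmit_of_installed_key)
    client.on_message3("PTK-A")
    seen, reused = set(), []
    for phase in range(2):
        for _ in range(frames_per_phase):
            pair = client.protect_frame()
            if pair in seen:
                reused.append(pair)
            seen.add(pair)
        if phase == 0:
            client.on_message3("PTK-A")   # the same message 3 delivered a second time
    return reused


if __name__ == "__main__":
    print("vulnerable state handling reuses:", nonce_reuse_under(False))
    print("patched state handling reuses:   ", nonce_reuse_under(True))
```

The point the model makes is that the key itself is not the problem: the same PTK is correct both times. What the improved state management has to guarantee is that a key which is already installed is never installed again with its counter reset, so every frame under that key keeps a fresh nonce.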

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWfla9Ix+lLeg9Ub1AQgegw//UvjXWSfQG77G+yDEmsL2rlawVizP4AdL
oWfbFiv47IKPit8l6ETusTO7UUpcziDEEixGEueAqbo6x5DljDYhCA+7NO//16Y0
44e+HaZuEQl5P4Ld2qBrFI8b9ZLtOqEHVEuCLpbeHwL9eyT9TsXTh/XkjwKcglvm
bcPzdnX5dYl6Naj1uXlL3x+MvEncTCLONIPZ6YlgChqXt5V6zIwqVTRaltCeLE8Z
TD6+UlkaPO8byblODgmh0g8hnTUTOBzAsO2mnpr/RCXK6z3xATXn5VZtHedGGZr9
RsIGKrvJvrUD/9k2gBLqo664O9ugJF+1wRRboPm+qLlgi8WNd00YRgBRYZJGiqJQ
+oum1P7XODszbP0JYDME/FuUlvlB6JMWN4nhuIIFPKXU/3zny2AIUXmXgwMGnhN3
I8Mk2pSEmcCHYw3UHZgF+IynNTZ1mOLwoHbYRYLJrs+0M6sMWULprPq3WKpB5pZn
nYdXCfxb19Hj8Aj/WkTRKHWspzm1Oc67/cJJ6yrnFXv+POktuoEqOpfc5rPAh2b9
S2lsNDQviTwOqoJTobh03K84L7TvkP7Q2K7Fbui2lOgeR65Z4nZmCwNKchl4mNTX
r1a9qrxwylAPOeZRlfM8ayuMAcD/2Nq1H86XVnWZ2S+BBxeYkkChXvagBU6x5kiN
6yQVKbsNLls=
=xq5n
-----END PGP SIGNATURE-----
