ESB-2018.0238 - [Mobile] Apple WatchOS: Multiple vulnerabilities 2018-01-24

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0238
      Multiple vulnerabilities have been identified in Apple WatchOS
                              24 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple WatchOS
Publisher:         Apple
Operating System:  Mobile Device
                   WatchOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4100 CVE-2018-4096 CVE-2018-4095
                   CVE-2018-4094 CVE-2018-4093 CVE-2018-4092
                   CVE-2018-4090 CVE-2018-4088 CVE-2018-4087
                   CVE-2018-4086 CVE-2018-4085 CVE-2018-4082

Reference:         ESB-2018.0236

Original Bulletin: 
   https://support.apple.com/en-au/HT208464

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-3 watchOS 4.2.2

watchOS 4.2.2 is now available and addresses the following:

Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and
Taekyoung Kwon of the Information Security Lab, Yonsei University

Core Bluetooth
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team
CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team

Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero

Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: an anonymous researcher

Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4082: Russ Cox of Google

Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero

LinkPresentation
Available for: All Apple Watch models
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)

QuartzCore
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
web content. This issue was addressed through improved input
validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day
Initiative

Security
Available for: All Apple Watch models
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling
of name constraints. This issue was addressed through improved trust
evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4096: found by OSS-Fuzz

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlpng7kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaXoQ/7
BjxNf3VDcmJJo5kOl/HK1W/pjwEGpoE/UN/PiMii/IyAhnHRUFZqHtDDZpl7WU9v
EKYFSuK6JPkiYfT5cx5jQzw54x2qR7g0r8E2MmsnrlDkMyF/ucj93FEiBJqAIzTn
uPYa5rV+rZLBhuERjyh69u0oXciklxkjtl1z7Gf+eL/GJWmOtcwrvnmiKPwTLHld
tPmxJ1YHM7360rQ11zSB0wmZzOBO187Y3FrwqD7VH1woeWmt0Wkv+k7I6Z/6E4pM
kniC001tlPAuW03OwXWtgp1gNCIz7MyHLpw93mRoyHabAy6puTpDJEmAQWIpMzbP
uiZDpcn7grclubTetkDy4WmbuVvSTSOuOjseZlqaJ6l9vZv2bnOfT7M9mRRHxsns
Rt1X/F1EgMNqcS7FnnYFqiun1fX1fEiyJedBa7FuN1HTIIFtx5ehMnqlxyd+yy3+
tTt55pW/KWY6+fRDKWMobyHYSBR75kdSVKGLLQEahkwOZnKOjgHaaaH5XZCRUbCg
u0wuHvhDahUsEEYEpgrlwDyFniLeMTfpju22FPx6DhPzbAEGszCRI5tnHLGk6Tza
EQnH9hEaSqIgTgrYHyYtK6Gh/U73pAC2XVfUDPNHpnyNTx055cSL/VZxq+KHe3Xh
2ncf97zYLPAMudrPRlzNy04cwqE7aNTimcDd0WENk0o=
=afZh
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWmfJ/Ix+lLeg9Ub1AQh8NRAAkuAA52tLeKl6/7zXWIholKJ49ZKBU7X1
PFQ8P8oXcwrZpSBWuTITftB58BeO1Hu0yCI6i7mRHHabUYbFnthGUndh9bzFdjpw
05kTmt393M9fW0v/YF0UBzXrJH4GeqyL5XoNczi3G0y/D28oQOC+/A5on9fmQPyo
4Pi7lRDEINEOxgJ4IWdHq4MEPvcFEMmub2vExhc+JPYNvjm72FjgoMp4QJkh8bWM
Tkvv/q2HmuvqmVq4Trh+bIihfpjSCYcN8hbP3hWMsCIQPwLJOaKFJN8CAgyKLlI9
rg6mEoWSNEVV6iO9k7NQ3IaQO9FAfaD4PjMSyjNaHTmxdQsZ58WMj5UMIEBKzUGv
jfWLRkG2F6wh609vjxslKJ5BGrUuiAgS4lOi/IiB9Byp+/DDmIQ8r9rUqWOglEJr
Cw3NOQcxgeUHEKgT03VrskxS22I+GnidMDCreE6wtrS+WQUkc4OmuY+Pwa6oD6Ms
x5yL9cQ4aRMvBzTaNG0Ryp1GZyjlCzuVPEfkY3iP8Ib2/fbN/RwtXNStACmPtk94
onKBd7WxYh/+Vhgny3rD2cOcA/bLS7Z5qyx6QFV3/lm/jvHWoEVlb2ivEHT5UVue
dswrwfgqmuJXmCt7R3RM5mtVo3v9Nhs99oPunIEbkqSAtDiKFWUIvE+ehXEF6qCt
ajl0eh2U954=
=tW6Y
-----END PGP SIGNATURE-----

« Back to bulletins