ESB-2018.0503 - [Apple iOS] watchOS: Denial of service - Remote with user interaction 2018-02-20


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0503
                               watchOS 4.2.3
                             20 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           watchOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4124  

Reference:         ESB-2018.0502
                   ESB-2018.0501

Original Bulletin: 
   https://support.apple.com/en-au/HT208537

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

CoreText

Available for: All Apple Watch models

Impact: Processing a maliciously crafted string may lead to heap
corruption

Description: A memory corruption issue was addressed through improved
input validation.

CVE-2018-4124: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
