Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1032 Apple watchOS 5.2 released 29 March 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS Publisher: Apple Operating System: Mobile Device Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-8563 CVE-2019-8559 CVE-2019-8558 CVE-2019-8553 CVE-2019-8552 CVE-2019-8549 CVE-2019-8548 CVE-2019-8546 CVE-2019-8545 CVE-2019-8544 CVE-2019-8542 CVE-2019-8541 CVE-2019-8540 CVE-2019-8536 CVE-2019-8527 CVE-2019-8518 CVE-2019-8517 CVE-2019-8516 CVE-2019-8514 CVE-2019-8511 CVE-2019-8510 CVE-2019-8506 CVE-2019-8502 CVE-2019-7293 CVE-2019-7292 CVE-2019-7286 CVE-2019-6237 CVE-2019-6207 Original Bulletin: https://support.apple.com/en-au/HT209602 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2019-3-27-1 watchOS 5.2 watchOS 5.2 is now available and addresses the following: CFString Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) Contacts Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher CoreCrypto Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher file Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Foundation Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Gro=C3=9F of Google Project Zero GeoServices Available for: Apple Watch Series 1 and later Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOHIDFamily Available for: Apple Watch Series 1 and later Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team Kernel Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Gross of Google Project Zero Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Messages Available for: Apple Watch Series 1 and later Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. CVE-2019-8548: Tobias Sachs Power Management Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Privacy Available for: Apple Watch Series 1 and later Impact: A malicious app may be able to track users between installs Description: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge, Ian Sheret of Polymath Insight Limited Siri Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabas of University POLITEHNICA of Bucharest, and Razvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8518: Samuel Gross of Google Project Zero CVE-2019-8558: Samuel Gross of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Gross of Google Project Zero WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXJ1Z0WaOgq3Tt24GAQghwhAAkk652XbeKxPizituJHmboconEusRo/Qz mHcffj62Fx/ztco7loK+SURy5ufNNmqYubfJeAEJUiTu5flk0RCRFhanYoVSEwLI GT08vEn/nzUOs+AZKzPZsK/CcrBdcCYpWuliLRQAf1a2e5ALlLklpTYEHEMKw89x 19W+FQkkYLGIg6zU1298Us+Jbyh826oRtqWIeZf0X9CVxiI9qNKQdhMQFyYBYAUI 0JoIunz0BzWqWiWAaX6NNgedXxwZXcUyMQlvcU6p7HBsQksz80rqwUezhJv0vxnV 1loBsGfQtmodK5muQHcuDzt6Yf3V9QSVanKI5FnFT/uz507uigFinbnvHROYKI3c Fz2NM5rFerrEcF32IVII+5UCdfGC2D2322amRh2fNU/wt27M9sYQf0gkb+o9eWS9 cbShmNFun3ecAywV0zWe7Iq1jtns1uffydjCJBduvqPzId9AkqEE3cpfedaG5Yvl 5HwiwN/oVZdMIDcKLK2SRc8I4YUsf3lODB9K0M5+XaPwninLWjNAwAb758904bKT WpXc8PLTPVujfXBiaykYxABcJYXNt9Sij01D/43PsXb6HmBHwgACa1ntlObIwxRG fh5PLJ9pZDlM/JfuthruUdP/8JAOW5sP/l2KPQC7ZB6CJ2zruE+PtZkegWmZw8hl iZ+dv7T1rqQ= =ALOd -----END PGP SIGNATURE-----