Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2432 watchOS 6.2.8 addresses multiple vulnerabilities 16 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS Publisher: Apple Operating System: Apple iOS Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Access Confidential Data -- Existing Account Unauthorised Access -- Unknown/Unspecified Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2020-9936 CVE-2020-9933 CVE-2020-9925 CVE-2020-9923 CVE-2020-9918 CVE-2020-9916 CVE-2020-9915 CVE-2020-9910 CVE-2020-9909 CVE-2020-9895 CVE-2020-9894 CVE-2020-9893 CVE-2020-9891 CVE-2020-9890 CVE-2020-9889 CVE-2020-9888 CVE-2020-9885 CVE-2020-9865 CVE-2020-9862 Reference: ESB-2020.2430 ESB-2020.2429 Original Bulletin: https://support.apple.com/en-gb/HT201222 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-4 watchOS 6.2.8 watchOS 6.2.8 is now available and addresses the following: Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Crash Reporter Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud GeoServices Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to read sensitive location information Description: An authorization issue was addressed with improved state management. CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. ImageIO Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-9923: Proteas Kernel Available for: Apple Watch Series 1 and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9909: Brandon Azad of Google Project Zero Messages Available for: Apple Watch Series 1 and later Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha) WebKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. CVE-2020-9915: an anonymous researcher WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-9925: an anonymous researcher WebKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative CVE-2020-9895: Wen Xu of SSLab, Georgia Tech WebKit Available for: Apple Watch Series 1 and later Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: Multiple issues were addressed with improved logic. CVE-2020-9910: Samuel GroÃ\x{159} of Google Project Zero WebKit Page Loading Available for: Apple Watch Series 1 and later Impact: A malicious attacker may be able to conceal the destination of a URL Description: A URL Unicode encoding issue was addressed with improved state management. CVE-2020-9916: Rakesh Mane (@RakeshMane10) WebKit Web Inspector Available for: Apple Watch Series 1 and later Impact: Copying a URL from Web Inspector may lead to command injection Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. CVE-2020-9862: Ophir Lojkine (@lovasoa) Wi-Fi Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PhNUACgkQBz4uGe3y 0M0E+RAAp2U0LzUJ1tDoQZsm0yUZ9aEz1BDuQXKH9wAMV+nHCa9A7PbaLqwwxbni T3jjW35hw5s5II2l4HpN2qtFbm8B2ZLrMRyFTFvlOyLtyWmn5iOPYTdT6Uf4EUgS xXtPdYJ/7lFBeCCGuVuBJ2QnJN9L2MJQFhh5Cvya2YOhxHYsRA5iPNJeehFZ1N0f 42Se8Tcn/0NXLK0+qRl0m8TLa80hQaisGLH9RPQTxCu3vaJVD0fvcQ1eOkH8ETXR dqIO4nsP2kuD8QMjC8DXo3KT9fTFv1iUy0s96zMEl95Ekg4dL0nsBxKwfI2kSyZ5 1vE346GRG23w9on0FU+2qoq4LfXKmJ5HLB4xDxegm/PLdd842tppv2LAmSO8vRZR Qmin4IERfEmGEUGKDsFM4tGH5j34mAlDklgil3/H9Ca0ucchpoIFiP8jmXytNCqy lIafyOfIfInBAqlZizV0/9l37JKXTvispcAuJMg5fb29zvtprOSIP075jN9KMRB3 k3liMFwPgs+kNS5smQsbVVYOWphP1jgbXozjqfoIKUdFxecHjHVfl6e2W3kDPgf6 noQSn3lgPulVYgn3LqzEhL7G3QtRyzEzgqWG1sinlFJCDrmCBC5p+6lESuRVCcAk d3AKO4eyJ9CCcLL9+nBYL1tx94Wb2MyaIHJld3GcLFf3Y+UmtB8= =TFfd - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXw/qDONLKJtyKPYoAQiu3A//f/yXBxWuWzelY0n376v98wEcP06iXg5t RXV6kx3Fb0PQIe4Yd+5PZHCjwcG/jQra5MkoRrWox/mXMYDVgbzP8IRJs4Ys1QYj 9RPt71qj8oagutYpLHv3WJ53tpGlM+njsi2Df2zZu2vfCL8tbs4IAuLGmUPlFO4r JqGYiBUSzHBf9WT5wbSzQxAHus/UZc8jydV0FoXBJtcYuw/0b7EwLVdCUHWMQWXQ enr0w1E6FFLgLxf38G/VA60gZupGF1faTh1KKuugBFoLlepeu0ivOcnGY9AxUkR7 8VF5SafwegfjXPw/2l5K5q3+7jX+Yt4Nk4SqQPHSKjlLp+J1uXZpJIrkCmXlt1od 8KetYqlWJIkIK6eZ8H7AnFLP3Mc18tQkXXfei0HfD2PRVEI0n/BszKxEyTX/0tgk lUfB16bbr8LHk3EthnqPX5f7O0fcXWY4ZD9p3Bu1XJla3tYWEUS7QuzuGw9133mF EAviEJSxM5vKWKscN/BRg+jY430Exy1nWT4HqCp85PxVuqerbPnNiI4Fzg/hBZ5N fjJt+KVM3M9YHw6fHQfT4BaJvjbjIDE1w0e5fG4LUGodbtq8aOQ5U7fOBiSYugWk yZeLIGm/QHBmSxGtFAx/tw5GhxlnxOx/ittWZjPbbqQnXSwml+Vlp0Jy7MaElAJi QGd5oY1ltbQ= =a58k -----END PGP SIGNATURE-----