-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3185
                     APPLE-SA-2020-09-16-4 watchOS 7.0
                             17 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           watchOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Existing Account            
                   Reduced Security         -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9976 CVE-2020-9968 CVE-2020-9952
                   CVE-2020-9946  

Reference:         ESB-2020.3181
                   ESB-2020.3183
                   ESB-2020.3184

Original Bulletin: 
   https://support.apple.com/en-gb/HT211844

- --------------------------BEGIN INCLUDED TEXT--------------------

watchOS 7.0

Released September 16, 2020

Keyboard

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany


Phone

Available for: Apple Watch Series 3 and later

Impact: The screen lock may not engage after the specified time period

Description: This issue was addressed with improved checks.

CVE-2020-9946: Daniel Larsson of iolight AB


Sandbox

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to access restricted files

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9968: Adam Chester(@xpn) of TrustedSec


WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to a cross site
scripting attack

Description: An input validation issue was addressed with improved input
validation.

CVE-2020-9952: Ryan Pickren (ryanpickren.com)



Additional recognition

Bluetooth

We would like to acknowledge Andy Davis of NCC Group for their assistance.

Core Location

We would like to acknowledge Yigit Can YILMAZ (@yilmazcanyigit) for their
assistance.

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero for their
assistance.

Location Framework

We would like to acknowledge an anonymous researcher for their assistance.

Safari

We would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's
Innovation Centre (onespan.com) and University College London, Steven J.
Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and
University College London, Jack Cable of Lightning Security, and an anonymous
researcher for their assistance.

Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.

Published Date: September 16, 2020

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX2L3aONLKJtyKPYoAQgPaA/9E9dijP78WJZyL7KXipwtRrdpDc8/oZVl
gUUZYh1QscyioyKcX1aZe0vxGP1D7Bw4EdR3N3dCGAY5H1SHe+ZgYTMQgy0OUcDK
5Y48vobuTEyd29/Kl5fu3/1l9n+uUd1f8YYw3+bUGhii2NwMoFgjIhgeBnKwoof5
exdyXKywDfB/cCHDYxi5K6hTg0C7wsC3jMExVuQ9yibjIEfNozairu+plsUN1nCN
COC2R3tQhCfWIdXCRaXRBvF1baiMykh92iteuTR4pVnArnHGtmAMl/bVmgN9oBUf
WibGZGmPd1TjhTap+dcW58dn9D5OzM9X/SKKtW7uOxw9jtt+HOBpKvpevFoQjvNx
wGzbSYUUi/4/No2bX+cLboUEXqbbpfxJf9gmczqC7/JjTcm/8stOn+8Xbw5rQC5t
F4SA9710SEqkL9gaBy0XVE2HkxZWD1+LSwu4slDhToI1yatq11N04dlBNVKkyOGA
LvlyF2Y2awCepa9S3Z1KrYCO9xbZiDtffujchnWrWGqraVBJz+ntDgzAhyeufdKe
C8T+PrG8ZNCCuZbgQJyx3E7ONvZHhiZ5dzFQsdmZ7D9NSuRAaxx5FYKQpTtFozrP
AhviXN+K3QduKnBrxZTUoYgQglsWi6TEon5GdDYlfx6SwTBgoGl6C43BIgDrDDPu
O763AF5dOQk=
=a/W3
-----END PGP SIGNATURE-----