===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.3917
APPLE-SA-2020-11-05-4 watchOS 6.2.9
9 November 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Apple watchOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Root Compromise                 -- Unknown/Unspecified
                   Access Privileged Data          -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27950 CVE-2020-27932 CVE-2020-27930
Reference:         ESB-2020.3911
                   ESB-2020.3910
                   ESB-2020.3909
                   ESB-2020.3916
Original Bulletin: https://support.apple.com/en-us/HT211944

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2020-11-05-4 watchOS 6.2.9

watchOS 6.2.9 is now available and addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211944.

FontParser
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================