Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1419 Apple security update for watchOS 27 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS Publisher: Apple Operating System: Apple iOS Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Remote with User Interaction Modify Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-30661 CVE-2021-30660 CVE-2021-30659 CVE-2021-30653 CVE-2021-30652 CVE-2021-1885 CVE-2021-1884 CVE-2021-1883 CVE-2021-1882 CVE-2021-1881 CVE-2021-1880 CVE-2021-1875 CVE-2021-1872 CVE-2021-1868 CVE-2021-1864 CVE-2021-1860 CVE-2021-1858 CVE-2021-1857 CVE-2021-1851 CVE-2021-1849 CVE-2021-1846 CVE-2021-1843 CVE-2021-1832 CVE-2021-1826 CVE-2021-1825 CVE-2021-1822 CVE-2021-1820 CVE-2021-1817 CVE-2021-1816 CVE-2021-1815 CVE-2021-1814 CVE-2021-1813 CVE-2021-1811 CVE-2021-1809 CVE-2021-1808 CVE-2021-1807 CVE-2021-1740 CVE-2021-1739 Reference: ESB-2021.1408 Original Bulletin: https://support.apple.com/HT212324 Comment: Apple is aware of a report that CVE-2021-30661 arbitrary code execution may have been actively exploited. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-04-26-5 watchOS 7.4 watchOS 7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212324. AppleMobileFileIntegrity Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza Audio Available for: Apple Watch Series 3 and later Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab CFNetwork Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab CoreFoundation Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest CoreText Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab FaceTime Available for: Apple Watch Series 3 and later Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360 Foundation Available for: Apple Watch Series 3 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k) Foundation Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga Heimdal Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro iTunes Store Available for: Apple Watch Series 3 and later Impact: An attacker with JavaScript execution may be able to execute arbitrary code Description: A use after free issue was addressed with improved memory management. CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1816: Tielei Wang of Pangu Lab Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr Kernel Available for: Apple Watch Series 3 and later Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett libxpc Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins libxslt Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz MobileInstallation Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2021-1822: Bruno Virlet of The Grizzly Labs Preferences Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Safari Available for: Apple Watch Series 3 and later Impact: A local user may be able to write arbitrary files Description: A validation issue was addressed with improved input sanitization. CVE-2021-1807: David Schütz (@xdavidhu) Tailspin Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aonâ\x{128}\x{153}s Cyber Solutions WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher WebKit Storage Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA Additional recognition AirDrop We would like to acknowledge @maxzks for their assistance. CoreAudio We would like to acknowledge an anonymous researcher for their assistance. CoreCrypto We would like to acknowledge Andy Russon of Orange Group for their assistance. File Bookmark We would like to acknowledge an anonymous researcher for their assistance. Foundation We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance. Kernel We would like to acknowledge Antonio Frighetto of Politecnico di Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan, Mikko Kenttälä ( @Turmio_ ) of SensorFu, Proteas, and Tielei Wang of Pangu Lab for their assistance. Security We would like to acknowledge Xingwei Lin of Ant Security Light-Year Lab and john (@nyan_satan) for their assistance. sysdiagnose We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan for their assistance. WebKit We would like to acknowledge Emilio Cobos Ã\x{129}lvarez of Mozilla for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2kACgkQZcsbuWJ6 jjCSZA//dGlk6FnYdt225G6hrw0Das2JjehGetTJ/jJWvGKA0/GE5arBiMKOZTke 3Qg9l4+spRDWhTptJNYfahuoPT5L9k9V276JvIQdCgvc/FYcio2XVx0MdSTJY+Q7 ixFOkQio2zQA/WVPAqrC+Y7iY1kmsi4nVa8dnqD2wr9qz2QGV9D7na5ApSmwCqoM AyJgzDIfvtLlMBxV4f5gPBrody/XH+py6YiQyzx/1yZGn9ExkKCKtxHWkMI3ITAB EYH855RpXUemn6wWbJWk/iE6bHRLm/TJIEw8TS3QTWDUXYh3xY55x5jZbGtbhWZw QpAbqEQK74pEfjqEGSlQ+X9z8r+P1pHVDbBwSsptzcUFvm3ClfOdAl4Cyvr78aDk 7/nSnT9ri3BJ3FSBiPL+Kh8ZO2DrkGM2HNYgf792G/M34uKbn+0POnEaADpvhtTo Ot40b3kdUPMWSeEyDy0K/HJm1wlgWKsRgU2X/8xUZQGeR+OlxUv2VIQYC7l6PijW RXCo1cUIp2q74HGg3O8B2sJaLvkk6fR9za8Bp8qcD53O6YXzabqe2SR+oqS0xp/j W2wciUAX4kcZ1YquDjCPs5lBt96Vy75PvGc5BULV4uxmOkH3al2jVKsT4IMdJn2t ITOpVyXUml8UIzJ9jpYALS7SYfz0rCJDMJ7W0SAT1czAF2exrB0= =Nf4q - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYIeczuNLKJtyKPYoAQi2HA/+OZhHTTjcuHXN0ujnam5QlAcZBC3LGDoT gxyAVBNegBqgKVQe1bll7jfFQCiC4ugchCZcriltAhnsq4aVUfvXTeD59CRJGQqN z923KofohctcsP2FeL25GYH7/+DaYLcbyErVEqVNoVkNV+rKqG6GzbJ3mf67KPMv SBicCIFGc/oaa+A3jA8Q/yVj9gExRuvXbsAzkpnw9f5yv7WGZNcafwTwPeERcaM/ OP0WO0JwEufbKXaHmAkTxMc1QS/4OuIw07NExjrq4U78CWUmCWb8hXfIhgSIrB79 F+Hj+Wk+7oXzi0Tsd9sw2D88bPsef5hhMx6Blrugevv6n83Oj5k7la5tWi9KtU95 XD0/K2UtBrzDt5wdchd7+nJuYLMIZoXXCuS6W3hAMK9qYIRoGckDZF3JNYtsx17z iyj0691mMMXBYovUD6Vh5rAGvw5w1dYG2oNJY4/PFysgYdrK8SGfc2a64Uhn13EK BPXuQ49C0SVdpbxRb/pX3kZMKZlusd2I/5a2rSpx/soyMafMrzWNicVWIxYdY4MP 2spNW8+kMr2CQ+xNBD2MdOG+ykUDGQKSbV72Dtgkyu79JYRpv6KcOZwzpZ0vYRsc R4N5dkElW/Mq3bA+0nly3SfIMXHlvqeO/bjU82qJdHsUGfobXjN2RzFwtpM5+DNZ cqu+cEYAXuE= =5Q7N -----END PGP SIGNATURE-----