Australia's Leading Computer Emergency Response Team
 

ESB-2015.2653 - [Mobile] watchOS: Multiple vulnerabilities

Date: 22 October 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2653
                    APPLE-SA-2015-10-21-2 watchOS 2.0.1
                              22 October 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           watchOS
Publisher:         Apple
Operating System:  Mobile Device
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Console/Physical            
                   Access Privileged Data          -- Console/Physical            
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7015 CVE-2015-7006 CVE-2015-6996
                   CVE-2015-6989 CVE-2015-6974 CVE-2015-5942
                   CVE-2015-5939 CVE-2015-5937 CVE-2015-5936
                   CVE-2015-5935 CVE-2015-5927 CVE-2015-5926
                   CVE-2015-5925 CVE-2015-5916 

Original Bulletin: 
   https://support.apple.com/en-au/HT205378

- --------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2015-10-21-2 watchOS 2.0.1

watchOS 2.0.1 is now available and addresses the following:

Apple Pay
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment
Description:  The transaction log functionality was enabled in
certain configurations. This issue was addressed by removing the
transaction log functionality. This update additionally addresses the
issue for Apple Watches manufactured with watchOS 2.
CVE-ID
CVE-2015-5916

Bom
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Unpacking a maliciously crafted archive may lead to
arbitrary code execution
Description:  A file traversal vulnerability existed in the handling
of CPIO archives. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2015-7006 : Mark Dowd at Azimuth Security

configd
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  A malicious application may be able to elevate privileges
Description:  A heap based buffer overflow issue existed in the DNS
client library. A local user with the ability to spoof responses from
the local configd service may have been able to cause arbitrary code
execution in DNS clients.
CVE-ID
CVE-2015-7015 : PanguTeam

CoreGraphics
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Processing a maliciously crafted image may lead to arbitrary
code execution
Description:  A memory corruption issue existed in CoreGraphics. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5925 : Apple
CVE-2015-5926 : Apple

FontParser
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Viewing a document with a maliciously crafted font may lead
to arbitrary code execution
Description:  Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-5927 : Apple
CVE-2015-5942

Grand Central Dispatch
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Processing a maliciously crafted package may lead to
arbitrary code execution
Description:  A memory corruption issue existed in the handling of
dispatch calls. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6989 : Apple

ImageIO
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  Viewing a maliciously crafted image file may lead to
arbitrary code execution
Description:  Multiple memory corruption issues existed in the
parsing of image metadata. These issues were addressed through
improved metadata validation.
CVE-ID
CVE-2015-5935 : Apple
CVE-2015-5936 : Apple
CVE-2015-5937 : Apple
CVE-2015-5939 : Apple

IOAcceleratorFamily
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6996 : Ian Beer of Google Project Zero

IOHIDFamily
Available for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact:  A malicious application may be able to execute arbitrary
code with kernel privileges
Description:  A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".


Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----