==================================================================== CERT-Renater Note d'Information No. 2019/VULN347 _____________________________________________________________________ DATE : 30/10/2019 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): watchOS versions prior to 6.1. ===================================================================== https://lists.apple.com/archives/security-announce/2019/Oct/msg00008.html https://lists.apple.com/archives/security-announce/2019/Oct/msg00012.html _____________________________________________________________________ APPLE-SA-2019-10-29-4 watchOS 6.1 watchOS 6.1 is now available and addresses the following: Accounts Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt App Store Available for: Apple Watch Series 1 and later Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. Description: An authentication issue was addressed with improved state management. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu) AppleFirmwareUpdateKext Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8747: Mohamed Ghannam (@_simo36) Audio Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure Contacts Available for: Apple Watch Series 1 and later Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com) File System Events Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher libxslt Available for: Apple Watch Series 1 and later Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz VoiceOver Available for: Apple Watch Series 1 and later Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen Description: The issue was addressed by restricting options offered on a locked device. CVE-2019-8775: videosdebarraquito WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8764: Sergei Glazunov of Google Project Zero WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group CVE-2019-8765: Samuel Groß of Google Project Zero CVE-2019-8766: found by OSS-Fuzz CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8820: Samuel Groß of Google Project Zero Additional recognition boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum for their assistance. CFNetwork We would like to acknowledge Lily Chen of Google for their assistance. Kernel We would like to acknowledge Jann Horn of Google Project Zero for their assistance. Safari We would like to acknowledge Ron Summers for their assistance. WebKit We would like to acknowledge Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ___________________________________________________________________ APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6 watchOS 6 addresses the following: Audio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019 CFNetwork Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019 CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Entry added October 29, 2019 CoreCrypto Available for: Apple Watch Series 3 and later Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019 Foundation Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019 IOUSBDeviceFamily Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8718: Joshua Hill and Sem Voigtländer Entry added October 29, 2019 Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8740: Mohamed Ghannam (@_simo36) Entry added October 29, 2019 Kernel Available for: Apple Watch Series 3 and later Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019 Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero Entry added October 29, 2019 Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8712: Mohamed Ghannam (@_simo36) Entry added October 29, 2019 Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019 Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) Entry added October 29, 2019 libxml2 Available for: Apple Watch Series 3 and later Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019 mDNSResponder Available for: Apple Watch Series 3 and later Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019 UIFoundation Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Entry added October 29, 2019 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8710: found by OSS-Fuzz CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation CVE-2019-8734: found by OSS-Fuzz CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech CVE-2019-8773: found by OSS-Fuzz Additional recognition Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance. Entry added October 29, 2019 boringssl We would like to acknowledge Thijs Alkemade (@xnyhps) of Computest for their assistance. HomeKit We would like to acknowledge Tian Zhang for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance. Profiles We would like to acknowledge Erik Johnson of Vernon Hills High School and James Seeley (@Code4iOS) of Shriver Job Corps for their assistance. Safari We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) of TurkishKit for their assistance. WebKit We would like to acknowledge MinJeong Kim of Information Security Lab, Chungnam National University, JaeCheol Ryou of the Information Security Lab, Chungnam National University in South Korea and cc working with Trend Micro's Zero Day Initiative for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================