APPLE-SA-2019-1-22-3 watchOS 5.1.3

watchOS 5.1.3 is now available and addresses the following:

AppleKeyStore
Available for: All Apple Watch models
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A memory corruption issue was addressed with improved validation.
CVE-2019-6235: Brandon Azad

Core Media
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-6202: Fluoroacetate working with Trend Micro's Zero Day Initiative

CoreAnimation
Available for: All Apple Watch models
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team

CoreAnimation
Available for: All Apple Watch models
Impact: A malicious application may be able to break out of its sandbox
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team

FaceTime
Available for: All Apple Watch models
Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-6224: Natalie Silvanovich of Google Project Zero

IOKit
Available for: All Apple Watch models
Impact: A malicious application may be able to break out of its sandbox
Description: A type confusion issue was addressed with improved memory handling.
CVE-2019-6214: Ian Beer of Google Project Zero

Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-6210: Ned Williamson of Google

Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2019-6209: Brandon Azad of Google Project Zero

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-6213: Ian Beer of Google Project Zero

Natural Language Processing
Available for: All Apple Watch models
Impact: Processing a maliciously crafted message may lead to a denial of service
Description: A denial of service issue was addressed with improved validation.
CVE-2019-6219: Authier Thomas

SQLite
Available for: All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative
CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team
CVE-2019-6226: Apple

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team

Additional recognition

mDNSResponder
We would like to acknowledge Fatemah Alharbi of University of California, Riverside (UCR) and Taibah University (TU), Feng Qian of University of Minnesota - Twin City, Jie Chang of LinkSure Network, Nael Abu-Ghazaleh of University of California, Riverside (UCR), Yuchen Zhou of Northeastern University, and Zhiyun Qian of University of California, Riverside (UCR) for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/