-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-10-25-2023-8 watchOS 10.1
watchOS 10.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213988. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Find My Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-40413: Adam M. Kernel Available for: Apple Watch Series 4 and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling. CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de) Mail Drafts Available for: Apple Watch Series 4 and later Impact: Hide My Email may be deactivated unexpectedly Description: An inconsistent user interface issue was addressed with improved state management. CVE-2023-40408: Grzegorz Riegel mDNSResponder Available for: Apple Watch Series 4 and later Impact: A device may be passively tracked by its Wi-Fi MAC address Description: This issue was addressed by removing the vulnerable code. CVE-2023-42846: Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_co Siri Available for: Apple Watch Series 4 and later Impact: An attacker with physical access may be able to use Siri to access sensitive user data Description: This issue was addressed by restricting options offered on a locked device. CVE-2023-41982: Bistrit Dahla CVE-2023-41997: Bistrit Dahla CVE-2023-41988: Bistrit Dahla Weather Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania WebKit Available for: Apple Watch Series 4 and later Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 259836 CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic WebKit Available for: Apple Watch Series 4 and later Impact: Processing web content may lead to arbitrary code execution Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 259890 CVE-2023-41976: 이준성(Junsung Lee) WebKit Available for: Apple Watch Series 4 and later Impact: Processing web content may lead to arbitrary code execution Description: A logic issue was addressed with improved checks. WebKit Bugzilla: 260173 CVE-2023-42852: an anonymous researcher Additional recognition VoiceOver We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal India for their assistance. WebKit We would like to acknowledge an anonymous researcher for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y/cACgkQX+5d1TXa IvqRdg//cKScy6rHxISLi1pgX+dKMmWE7ANPnfYxgFgPw/yMnaCyt9q6U4xBkTo+ LUrWI32vL59CVyflza+i32T1l9wxaKUHV3B1cVwqtxEeanB2i96HvuzEsEvjP0xN z3D0TEBTM3dG+mrefNnTPI4MyPlb936SmJ/3bLEwM72G24SHqhFjfzzTwjam6AKR F0GlVDsZgyZMKy26qDFxqlt8+nQ3dalsilWFWyJi/Y/k7o4zSl51rH482Kw6iMjc L5O/JFzpvYG7HMqB+eDoFBdS+q5WztulGq9hORwkfg7GsQfkNG/zp8Wu33WLNMNr Rz3TWqN9uxbceDbS0lVSDyrzwiE71LjdwirouBHpLg5CFK4Z8BLRXBZWtpYRJPII XNDv0JD5ms3mw1LqmA472jWbpHMRBirj5FUrSpCa+wHNVrFlu7CJ7u7JjV75uvPq QFdJMYBn6RZIMh0ZFIr1XkW6puyw6X/uuCK3dCzhPsh0BKuHWXM3OMx3PAx5Q59N 4jJndkdbrZkx8LF5jHfT/6L42vGucc2f69dZEE5eCtOx97x+cSqQSC9UHFxyo2kf /4tBUf12VzE6EnDthxDWrMu7bDoCvNTklC2EDUDq19ERyGwU7sOobC5UMpKfVOag bm+dJlqocK6R6sF6u4h4W7NsY4myu2FSud0nMax0aY/i/+9+di4= =eIm0 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
