BugTraq
APPLE-SA-2017-07-19-3 watchOS 3.2.2 Jul 19 2017 07:33PM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-3 watchOS 3.2.2

watchOS 3.2.2 is now available and addresses the following:

Contacts
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

IOUSBFamily
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7022: an anonymous researcher
CVE-2017-7024: an anonymous researcher
CVE-2017-7026: an anonymous researcher

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7023: an anonymous researcher
CVE-2017-7025: an anonymous researcher
CVE-2017-7027: an anonymous researcher
CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7028: an anonymous researcher
CVE-2017-7029: an anonymous researcher

libarchive
Available for: All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-7068: found by OSS-Fuzz

libxml2
Available for: All Apple Watch models
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7013: found by OSS-Fuzz

libxpc
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7047: Ian Beer of Google Project Zero

Messages
Available for: All Apple Watch models
Impact: A remote attacker may cause an unexpected application
termination
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7063: Shashank (@cyberboyIndia)

Wi-Fi
Available for: All Apple Watch models
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGds4P/jn6yqMh+cw1dYmhfloU/XGi
J4Q6JbGTWLBvacsucsneTvDW6EtuZUWTENaRsndj3HFK+awwEcdfx/MkEO7LaDfQ
0cVBkij5+V0hEn3e6eNItTdKZ85h5C4zjEE76BPw6hqcCuf9t3ZqDtyubKKXb3V+
6D6l64G/m5krs/bB65Evj/XSd3d1vNLQ03zYCKjfgqpI5P/pFv2PEdzOnH8oWYz8
mVcqQW6sRgiFsIq4W88qP1WaQmDLVlYdoPqfd+a98JoGDUebi6PcgxxJl9fXFIo6
jv0zBoXr2begOJFSo3duxOPxlnLienv+qNScdENTDgZORcJ8loALtnCN5ICWIGcE
K1eqNW63nNK0Gq1EhMXMT3MktgbP8BJEc8pEs82U73XD9DVgYKcCGGNzfj7qFQAm
GE18IEd20h+0N/Irk+TN+9pYf+Vf+7RNA4naRfLBOsiTRZjmDJ3ds9LWawle5Rlx
hR9mznsR3zqhh6vBDvIt9vSEJXV5X61hkTe7Q4jHkHj04XLUidMWkI47BqLGYTK6
jtEHF/4Mk5A+KG+jjpxZs6LtweTQqudQSqnDXtJlE1LRJ4b1jHNNUUm05tx2lGxi
zrDgNGFQtzZ0Gds9wXQjpE5eFNa7X2VUArqHiJUHnoxLMvLtBVMa7vuTvyrPGdnb
QvBYRDybEp8yUkxd8seM
=Ci3F
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus