BugTraq
APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 Dec 13 2016 06:52PM
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-12-13-7 Additional information for
APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro

Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Entry added December 13, 2016

CoreFoundation
Available for: All Apple Watch models
Impact: Processing malicious strings may lead to an unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher
Entry added December 13, 2016

CoreGraphics
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
Entry added December 13, 2016

CoreMedia Playback
Available for: All Apple Watch models
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
Entry added December 13, 2016

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk(泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016

Disk Images
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016

FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk(泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016

FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall (at) gmail (dot) com
Entry added December 13, 2016

ICU
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: André Bargull
Entry added December 13, 2016

ImageIO
Available for: All Apple Watch models
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Entry added December 13, 2016

IOHIDFamily
Available for: All Apple Watch models
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz
Entry added December 13, 2016

IOKit
Available for: All Apple Watch models
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: Chen Qin of Topsec Alpha Team (topsec.com), @cocoahuke
CVE-2016-7612: Ian Beer of Google Project Zero
Entry added December 13, 2016

Kernel
Available for: All Apple Watch models
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad
Entry added December 13, 2016

Kernel
Available for: All Apple Watch models
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Entry added December 13, 2016

Kernel
Available for: All Apple Watch models
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero
Entry added December 13, 2016

Kernel
Available for: All Apple Watch models
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero
Entry added December 13, 2016

Kernel
Available for: All Apple Watch models
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7644: Ian Beer of Google Project Zero
Entry added December 13, 2016

libarchive
Available for: All Apple Watch models
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher
Entry added December 13, 2016

Profiles
Available for: All Apple Watch models
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)

Security
Available for: All Apple Watch models
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: Gaëtan Leurent and Karthikeyan Bhargavan from INRIA
Paris
Entry added December 13, 2016

Security
Available for: All Apple Watch models
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Entry added December 13, 2016

Security
Available for: All Apple Watch models
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple
Entry added December 13, 2016

syslog
Available for: All Apple Watch models
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero
Entry added December 13, 2016

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
Entry added December 13, 2016

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
