Apple Security Advisory 2017-10-31-10 - watchOS 4 addresses TLS weaknesses, denial of service, memory corruption, and various other vulnerabilities.
bf329a7b0c636f783245fa9ac4453b9454375182fb1dcbb20bc593d709b94c37
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-10-31-10
Additional information for APPLE-SA-2017-09-20-2 watchOS 4
watchOS 4 addresses the following:
802.1X
Available for: All Apple Watch models
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS
1.1 and TLS 1.2.
CVE-2017-13832: an anonymous researcher
Entry added October 31, 2017
CFNetwork Proxies
Available for: All Apple Watch models
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
CFString
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13821: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
CoreAudio
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13825: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
file
Available for: All Apple Watch models
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.31.
CVE-2017-13815
Entry added October 31, 2017
Fonts
Available for: All Apple Watch models
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13828: an anonymous researcher
Entry added October 31, 2017
HFS
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum
Entry added October 31, 2017
ImageIO
Available for: All Apple Watch models
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-13814: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
ImageIO
Available for: All Apple Watch models
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-2017-13831: an anonymous researcher
Entry added October 31, 2017
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
Kernel
Available for: All Apple Watch models
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13817: Maxime Villard (m00nbsd)
Entry added October 31, 2017
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13818: The UK's National Cyber Security Centre (NCSC)
CVE-2017-13836: an anonymous researcher, an anonymous researcher
CVE-2017-13841: an anonymous researcher
CVE-2017-13840: an anonymous researcher
CVE-2017-13842: an anonymous researcher
CVE-2017-13782: Kevin Backhouse of Semmle Ltd.
Entry added October 31, 2017
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13843: an anonymous researcher
Entry added October 31, 2017
Kernel
Available for: All Apple Watch models
Impact: Processing a malformed mach binary may lead to arbitrary code
execution
Description: A memory corruption issue was addressed through improved
validation.
CVE-2017-13834: Maxime Villard (m00nbsd)
Entry added October 31, 2017
libarchive
Available for: All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-13813: found by OSS-Fuzz
CVE-2017-13816: found by OSS-Fuzz
Entry added October 31, 2017
libarchive
Available for: All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2017-13812: found by OSS-Fuzz
Entry added October 31, 2017
libc
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google
libc
Available for: All Apple Watch models
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373
libexpat
Available for: All Apple Watch models
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233
Security
Available for: All Apple Watch models
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: an anonymous researcher, Sven Driemecker of adesso
mobile solutions gmbh, an anonymous researcher, Rune Darrud
(@theflyingcorpse) of BA|rum kommune
SQLite
Available for: All Apple Watch models
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version
3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz
SQLite
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher
Wi-Fi
Available for: All Apple Watch models
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero
CVE-2017-7108: Gal Beniamini of Google Project Zero
CVE-2017-7110: Gal Beniamini of Google Project Zero
CVE-2017-7112: Gal Beniamini of Google Project Zero
Wi-Fi
Available for: All Apple Watch models
Impact: Malicious code executing on the Wi-Fi chip may be able to
read restricted kernel memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7116: Gal Beniamini of Google Project Zero
zlib
Available for: All Apple Watch models
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7spHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZGEg//
b9oGcBI764Zj3yc97lPWNbfigROlcS8wiSfa/ZAcZQQjSEylePIcrw2uUGjBWF2R
hPWZBxGIwyAP/OEjPGJtg+XW99I6rtblIknHwyMEap0PPIOHsoVcZLwUn23Vh154
e9dRzPvN3I2Y5/ckTD95V3cRN6++XhzBv8I0wxscBcxt3tVqAbRKepcdoujxtcGj
TfwmyCThqS0jN5ycg8pZbAI0q/MQldnfGTwTwFzuGF3eRAu19ZrdpFPTH1/IbrlL
+vugRGkNmfTnf+6KZd8C3M54EwOinnoB5eAGxhL/u0cGi0FJH3Jx645Zy5IvgTTo
cu3vUobnxJ3zMNyP+8myRca06QhO15Q3YZlHzBctBeOTEgDntY4ADSuvzcEXOSV3
NzlEfCp8ABBHo/k7/SLfFPtRbEzjnXtmvtL+FQBNO9N4tBECfk1zcG+biePoU3J0
OZnca+uRX+zU66LSondbsEofZ3xOHXFUOTJKlOX7JzywUnY1qBvJ4OwfP91P4g6C
3Fa72u7dtcgWpRTNXm606DYAa54uXojtxG10GGfM+vWQE5WXqwraPQqnGoHJJW+T
WsNs5Sln8XHAWEWfcR0WS2FYBgg2oaZNsYm9kgi8anybkxJs3/+bW3FCrhttGnUS
N/C+o3HRjuIUM2K2MDsKQnhF7EEa2pHePkM0HBGC1jI=
=7abO
-----END PGP SIGNATURE-----