APPLE-SA-2020-11-05-3 watchOS 7.1
watchOS 7.1 is now available and addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211928.

Audio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab

Audio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab

Crash Reporter
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27930: Google Project Zero

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab

Foundation
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state management.
CVE-2020-10002: James Hutchins

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab

IOAcceleratorFamily
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to determine kernel memory layout
Description: A logic issue was addressed with improved state management.
CVE-2020-9974: Tommy Muir (@Muirey03)

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-10016: Alex Helie

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A type confusion issue was addressed with improved state handling.
CVE-2020-27932: Google Project Zero

libxml2
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27917: found by OSS-Fuzz

libxml2
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-27911: found by OSS-Fuzz

Logging
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved validation.
CVE-2020-10010: Tommy Muir (@Muirey03)

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27918: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Apple Product Security via Security-announce