APPLE-SA-2021-02-01-4 Additional information for APPLE-SA-2021-01-26-3 watchOS 7.3
APPLE-SA-2021-02-01-4 Additional information for APPLE-SA-2021-01-26-3 watchOS 7.3
- Subject: APPLE-SA-2021-02-01-4 Additional information for APPLE-SA-2021-01-26-3 watchOS 7.3
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Mon, 01 Feb 2021 14:56:31 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-4 Additional information for
APPLE-SA-2021-01-26-3 watchOS 7.3
watchOS 7.3 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212148.
Analytics
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
CoreAnimation
Available for: Apple Watch Series 3 and later
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreText
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl. This
issue was addressed with improved bounds checking.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (m00nbsd)
Entry added February 1, 2021
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
Swift
Available for: Apple Watch Series 3 and later
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebRTC
Available for: Apple Watch Series 3 and later
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgucACgkQZcsbuWJ6
jjDy4Q//e4Vg3wXzKy5FU+Bh4pAILb7SXtD3pp20CbjKP7DcFNCXFCPU/7pEYeu/
U+0OGyIJQUQ6hrd2fPKFPGZn7NWZFmzu12z1VjYbNPgbkYHaI2Lz8zQ1gK2RMSVf
1a7rN/P87AJ1lYjhKwTCL61lcozPg7u/bqdkWyxDYKq0vnV4/m11FB8oGZTlllgG
qWdptjr0VZH0A2/BjTAe89vRlZyO7D5DW8fL1UEPEKCtLdH+XeDcyQSOzqCS4Olv
hdjG8nuegbOli9zemOQiTdL/YxS9l4lOMHkueynr2QtrP/9SHyDdj+8ByKKwghVH
6+0i+0OtjK9ZIc5+FIQMe9BiC/zdkwrlxhXrqN7bUgHTsGRIlVKCCx7n0HFRiazh
OBlRd8lrQcjkQElzTPtxtFgeU1RA8t85n1mCy9IJAFveDot0M2rFpYq17kuRRbiZ
gv3zO2+hmbE+hd07qqOMRA58KNIMt29NPxONW0SeDcuV8jZBYD61gBumei5TGdPC
/ArhziaIYLrySUg3DYNXpPETm8CrgAjNZ3/G/xJD0e5g/eXT0Y/y8Njwd6KC4OZ4
yWFq4yZ0Alur30apREvPrAfcvmmE7Gb3MbXpzOJFAmVeayNR5bqQyRrM58pMhFsK
Q+fRFLprgdLzMFd7jvUtsipiZ9VHFOYVKdx/saVVdZOGglGC4Ww=
=GdjQ
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden