Apple Security Advisory 2015-09-21-1 - watchOS 2 is now available and addresses unexpected application termination and interception issues.
cabb377a29411848af2fa92ccc7f4329097035584b9eec7ebf43de5900d30e88
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-21-1 watchOS 2
watchOS 2 is now available and addresses the following:
Apple Pay
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment
Description: The transaction log functionality was enabled in
certain configurations. This issue was addressed by removing the
transaction log functionality.
CVE-ID
CVE-2015-5916
Audio
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT204873.
CFNetwork
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was address through improved
restrictions of cookie creation
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in FTP clients while checking when
proxy was in use. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A person with physical access to an iOS device may read
cache data from Apple apps
Description: Cache data was encrypted with a key protected only by
the hardware UID. This issue was addressed by encrypting the cache
data with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2015-5898 : Andreas Kurtz of NESO Security Labs
CoreCrypto
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Data Detectors Engine
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: Memory corruption issues existed in the processing of
text files. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)
Dev Tools
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
dyld
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team
Disk Images
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
GasGauge
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5918 : Apple
CVE-2015-5919 : Apple
ICU
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2015-1205
IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team
IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5848 : Filippo Bigarella
IOKit
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5844 : Filippo Bigarella
CVE-2015-5845 : Filippo Bigarella
CVE-2015-5846 : Filippo Bigarella
IOMobileFrameBuffer
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in
IOMobileFrameBuffer. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5843 : Filippo Bigarella
IOStorageFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. This was addressed through improved generation
of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through added entitlement
checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-
chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in handling of
IPv6 router advertisements that allowed an attacker to set the hop
limit to an arbitrary value. This issue was addressed by enforcing a
minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in XNU that led to the disclosure of
kernel memory. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to cause a system denial of service
Description: An issue existed in HFS drive mounting. This was
addressed by additional validation checks.
CVE-ID
CVE-2015-5748 : Maxime Villard of m00nbsd
libpthread
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
PluginKit
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious enterprise application can install extensions
before the application has been trusted
Description: An issue existed in the validation of extensions during
installation. This was addressed through improved app verification.
CVE-ID
CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of
FireEye, Inc.
removefile
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
SQLite
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-5895
tidy
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in Tidy. This issues
was addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWAD3JAAoJEBcWfLTuOo7tqhIP+wbrK4nNIHsCMFxr+c3JyvLQ
QFIsKBJwODOwx8HXF7IVx5qOTUMooR+r2uCtpnB9tdhHeCKE4wl4IjJRKtNmuKo8
cpCJP5jBDk1JGlms7htP9umRwa+J6o5BMiqJRYJWfUZKt5M180F1LwQRo5EexTYm
oWoDLwqNXU8gl6xXFNVNsWDtgvhalpT1eTYj2WDts0lnS9lnaTQIBipIlcH+9T8M
jOxZAaogwdN7F1WIP+DnoEI8f1rBPgq+WCY9hzYnRzIt8D7QPU3A9UVMPXRptlYD
AUA5oynybu+72mlauHL4iZ4RJEMDQNDvCX0F3oDjJv9NxDnrNTYdVXor8IYffkXm
u9byknmIKTwxR+FtMk7kS//C2PV8SGfigkvaYQt3OLEa3FeqwIl8+qtVF059QeBL
WrBz0hcfOiB0mcm4CpDdtkNZCwROgyMgPv3vK5WqvcIDUe2rmCAP9XIuEgZDriCk
U9A7pEwbcRaV3G9G9zCPQOxnXv/Ko2xjZPLEtcNvwBkel4Dd5nRQ5S7yyWF977Ds
fx1pzFRtXDCTbjwDDN1XM78IV++nz8xQnaqh193Oq4a+GN3XeM70uE+dNpeOJiQh
E/Cp9KI563FhoaZSR/01iiK8DD+YT/d6SnkWq02joP4VGvEpNzZ5Tv/68Peaw/QX
W3j/7Rzc/PjuOCP0lDSI
=PAVo
-----END PGP SIGNATURE-----