-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-2 watchOS 8 watchOS 8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212819. Accessory Manager Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: an anonymous researcher AppleMobileFileIntegrity Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab libexpat Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1.0 CVE-2013-0340: an anonymous researcher Preferences Available for: Apple Watch Series 3 and later Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Preferences Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30846: Sergei Glazunov of Google Project Zero WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30849: Sergei Glazunov of Google Project Zero WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30851: Samuel Groß of Google Project Zero Wi-Fi Available for: Apple Watch Series 3 and later Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher Additional recognition Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge an anonymous researcher for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI88wACgkQeC9qKD1p rhge3w//du/3CtowNHyNBftwUr387yywBOt8ikL5oGUbp/whcmqN+duolJBzO+6b z/Bfw1moZzvLO16TxK9IqlmEsPPp7CU3hoam0yuMjZRgsAEqK3tw2RDTeoyrTiYh SqLXt8kzLRjsJFX8uigpD/pKo3NOZJKXgULJl0QLWFaKSbDlj1ajzXJ1BCvsAsua FdAsuoYcvgYkEzi4qIbjX/o/cNF586oZR/Qh4V8d+sFLHmouUfA+5IKRqq5pu80f T6TZwzz3lTkk6+GIhS/UoTabMJAZDwqJAkKyoMx+V/FF90FvVaDMwZCSWmZ1mjok BdvDxNaSQwmG0646W1IU8rvUnrZEFz5fhYxM1aPBML5XyUjlpJ93enVW4zjvrkQQ j0M+zIaMA+vamyJ/99vE3cU07LGcXqPWd9izMMZTRR4oMTDez1tEuvyCmB+sfAVV pPCguBKd6/nbQRX5Z2UMwWnc8A6FHxvoX0mQDTpHIddQtl7pbm4z6mkGMz9w99vm 4Z0czehn/MJ2QEllx7WY39UTi3IonfaH27VTydIX4ohmBEbIMUOqF72i/SEzEYLI TQxp/826/LpItSoxvxqer9HpdH5tkrJrmYyD9Ei1BGL31Ooh4I/DeNZYCvSxK/mH Szu2M3+5gzrxfL43C9auHxE23YTv0KHgfVy+d8XrD73RzCRH3fo= =7oDD -----END PGP SIGNATURE-----