exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2015-10-21-2

Apple Security Advisory 2015-10-21-2
Posted Oct 21, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-21-2 - watchOS 2.0.1 is now available and addresses arbitrary code execution, heap buffer overflow, and various other vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2015-5916, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939, CVE-2015-5942, CVE-2015-6974, CVE-2015-6989, CVE-2015-6996, CVE-2015-7006, CVE-2015-7015
SHA-256 | b5fed81d5b6693b68f892dc91bbaa73fd5b0465588a6086b31825b77a194c21c

Apple Security Advisory 2015-10-21-2

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-10-21-2 watchOS 2.0.1

watchOS 2.0.1 is now available and addresses the following:

Apple Pay
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment
Description: The transaction log functionality was enabled in
certain configurations. This issue was addressed by removing the
transaction log functionality. This update additionally addresses the
issue for Apple Watches manufactured with watchOS 2.
CVE-ID
CVE-2015-5916

Bom
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Unpacking a maliciously crafted archive may lead to
arbitrary code execution
Description: A file traversal vulnerability existed in the handling
of CPIO archives. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2015-7006 : Mark Dowd at Azimuth Security

configd
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to elevate privileges
Description: A heap based buffer overflow issue existed in the DNS
client library. A local user with the ability to spoof responses from
the local configd service may have been able to cause arbitrary code
execution in DNS clients.
CVE-ID
CVE-2015-7015 : PanguTeam

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in CoreGraphics. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5925 : Apple
CVE-2015-5926 : Apple

FontParser
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Viewing a document with a maliciously crafted font may lead
to arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-5927 : Apple
CVE-2015-5942

Grand Central Dispatch
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
dispatch calls. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6989 : Apple

ImageIO
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Viewing a maliciously crafted image file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
parsing of image metadata. These issues was addressed through
improved metadata validation.
CVE-ID
CVE-2015-5935 : Apple
CVE-2015-5936 : Apple
CVE-2015-5937 : Apple
CVE-2015-5939 : Apple

IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6996 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".


Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWJuKhAAoJEBcWfLTuOo7tkBcP+QGVb0FmXmyDjPNF1b3Mx4Cv
2gPz3W6x1BQlss3/2+WX8YAMXgtGux0HQfYF/uQIjverf+HHlGDN2bd+P61odDEp
hEU2h6N6bPbDp85MehTgZWt8/c6HR5XB2KFKNAXhE6YmrZ8neXBYLF+sF9T9NMx0
ar2/yWFlCVFTgDHzt4KGFJFjNDr8urHNp0nc4KjOE7YE83oK9vkAxmqOhpPNNzdj
DIob8y1wO4NBoClzXr8DIlqoajFEWLXU++G6MVclhCoWun+vQpUo3XcOG7mJgoff
nrb9ITbsEXtpKLeHYPdK7y7EMWOasVb2GPkK3TWEc37wf2eEk2cUSHRN6bjeIsJO
WWVqGC8+Ya7eQgsztUlfUMK8OFNX9wz9CABB/wBNbYe1fzea+oZV7ijCR6IzOi6I
5xFEDCxSOnDMSn3uF/ENRk5LG7DC0PsL/Er/H2tSit9oacEGmoozyUdGlexG4o+a
pySDBLiplfVjdfoPv8ABQSN6mtvD1MaLVVAoG14FEObEEY/tdl22Ou8NZQ6OgeLl
I2uyMSPQDGMKXNxjIfgWTWK31TQakq3c78swlXy9fZrCWl/ti8y6CFUVqP8XOjN9
LgkJcChm77UXsiFCKqREMw/kgSDvctF94iMknUBc1+YDj+uDs+t9vvUzZ3syFC0V
4bPj6XOJcceSHv1+PlcF
=gtL/
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close