-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 addresses the following:

Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole
Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of
University of Oxford, England
Entry added August 13, 2019

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project
Zero

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project
Zero

Digital Touch
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8624: Natalie Silvanovich of Google Project Zero

FaceTime
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu

Foundation
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero

Heimdal
Available for: Apple Watch Series 1 and later
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst

libxslt
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz

Messages
Available for: Apple Watch Series 1 and later
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of
University of Oregon

Messages
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may cause an unexpected application
termination
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8665: Michael Hernandez of XYZ Marketing

Quick Look
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project
Zero

Siri
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

UIFoundation
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

Wallet
Available for: Apple Watch Series 1 and later
Impact: A user may inadvertently complete an in-app purchase while on
the lock screen
Description: The issue was addressed with improved UI handling.
CVE-2019-8682: Jeff Braswell (JeffBraswell.com)

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8672: Samuel Groß of Google Project Zero
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech,
Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL,
and Eric Lung (@Khlung1) of VXRL
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero

Additional recognition

MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their
assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GHOxAA
qFjks9IgHJdUoeXnf9JQR6LALFQ9M2N7ud2bj3MXxLYOB5f14g04BV/ZTlrl7CrV
yjhnjegcMeOTE5XEDRZcSNDuPFUc793pT04+fUqP88Bf/X/8/0D5LA5tRlce1CUr
+2aqVJJezJPwUySPpqiKu+GnYvgU6SXxqdWYBV2+FgG2ws0p4CP40fQohJDYgHvY
snIe+a46dFg0kywV2DXvWI36fPI1G0Hjwr9XBsbigDzqp7zxNbkwb9rzZiLSO7Us
7Vp9a854IFD7wVShiRufhroP73vKv8qteXH+EUZbubRzZG6j7jyXS74LuNyDi5qW
bk+u+yQRnyQQuKJDzy7mJSFgpb6nDFP/ncEIpfrKPXknGuIEO0oqPCUGfNJ5Alq5
Mc2ICPXYKlJQJAA1DgresRaZdpBj2ZE558s6m921R38IB3MAIUyNoiXOnnkNDTp4
vQHSZasbzDkfwjUQsMCX/F8CLsUTWx4vj0RQgqNEQL+um/EdAD1KQZmHkBSyeTyr
F74d4tsqO2HoYlPKFtWWNQ7V6Qx37ShrqWrKsoysl8xbCjMYyc0u6IoqsGqNeAUN
uTlMUtE3TiaU0Qib/3p+GjUOgnsrhPZrGakzAFw3ntMmt6khhLulN/+MBjibpRyY
H2IDW4YapNacIlp47W6AzaEcVZRprCphtiI28u5P2DU=
=Mdjp
-----END PGP SIGNATURE-----