exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2019-12-10-8

Apple Security Advisory 2019-12-10-8
Posted Dec 12, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-12-10-8 - watchOS 6.1.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2019-15903, CVE-2019-8828, CVE-2019-8830, CVE-2019-8832, CVE-2019-8833, CVE-2019-8836, CVE-2019-8838, CVE-2019-8844, CVE-2019-8848, CVE-2019-8856
SHA-256 | b171b83171902587ee3e7c6a2ee6f0276f92906704016d21430a0f5f72bfdde5

Apple Security Advisory 2019-12-10-8

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-12-10-8 watchOS 6.1.1

watchOS 6.1.1 is now available and addresses the following:

CallKit
Available for: Apple Watch Series 1 and later
Impact: Calls made using Siri may be initiated using the wrong
cellular plan on devices with two active plans
Description: An API issue existed in the handling of outgoing phone
calls initiated with Siri. This issue was addressed with improved
state handling.
CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL

CFNetwork Proxies
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team

FaceTime
Available for: Apple Watch Series 1 and later
Impact: Processing malicious video via FaceTime may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8830: Natalie Silvanovich of Google Project Zero

IOUSBDeviceFamily
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8833: Ian Beer of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8828: Cim Stordal of Cognite
CVE-2019-8838: Dr Silvio Cesare of InfoSect

libexpat
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted XML file may lead to disclosure
of user information
Description: This issue was addressed by updating to expat version
2.2.8.
CVE-2019-15903: Joonun Jang

Security
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8832: Insu Yun of SSLab at Georgia Tech

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8844: William Bowling (@wcbowling)

Additional recognition

Accounts
We would like to acknowledge Kishan Bagaria (KishanBagaria.com) and
Tom Snelling of Loughborough University for their assistance.

Core Data
We would like to acknowledge Natalie Silvanovich of Google Project
Zero for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFr0ACgkQBz4uGe3y
0M3ibQ/+Oe5QaqGIxkCPgm0CR+0Zd+tVtVICpqIIEhtBNQYRAkJlzVlkwLwtJVvu
TUolgK4uRCX2lDCvFh0dI0ZeVtmV+8J/QgngIeFePujHHFFwsEKp8wVMNEqVtf3n
hmp+yzv4Ess05PP5dIcNQHETJzzZMvxD8FFKIbGhqPwbNSWhvvfnD3RaUG9Lnpqc
Fy1v2iXMUeY1zZWJcpin+PmdQUykQTA+yYKcNdZe5iyfZN7eB3NH9ETfRONSuMTj
hX5B3Aw7Vz82Nbcgs4cldi5J/hKgztzJ1WUOaeBCQ8MUtq8Nw89hBmu/ofExlADl
+OmgML4tkBX5+BlcH8e1bSixB6CvccbUdNO64SCim2xklv4LBfSaxAfnTphpY9Er
6WZ+UJPEaKyVFXnhy2awBoWpsPnSsZeQ8EavGOPMf2PihtnUpCBn0FeVjLrdJ+0h
qHzzaSpA8+mhU0lmdPPv1OB8xrXXwHtBVXahUmLZCKWuFwGbGtYX4OvvExWTv44X
w5hGYsr3evRKThEp8VN8xJCkaIOdLYP3XTE1B+ItN0V89EBkK++8rfBL433HgcUQ
R51YvVFiOSHSDLbLHYBCSdTtxNV6rLZPD2KtyElTAiiNckKaKL2h45VE/0YvCRNB
7eAoX1SX111SbJgT8TEn5PhoEMldiS5oAmjleCrgMbj+s+APQV0®qk
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close