exploit the possibilities

Apple Security Advisory 2019-12-10-8

Apple Security Advisory 2019-12-10-8
Posted Dec 12, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-12-10-8 - watchOS 6.1.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2019-15903, CVE-2019-8828, CVE-2019-8830, CVE-2019-8832, CVE-2019-8833, CVE-2019-8836, CVE-2019-8838, CVE-2019-8844, CVE-2019-8848, CVE-2019-8856
MD5 | 89e0fdbafe8925445e671261927ede83

Apple Security Advisory 2019-12-10-8

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-12-10-8 watchOS 6.1.1

watchOS 6.1.1 is now available and addresses the following:

CallKit
Available for: Apple Watch Series 1 and later
Impact: Calls made using Siri may be initiated using the wrong
cellular plan on devices with two active plans
Description: An API issue existed in the handling of outgoing phone
calls initiated with Siri. This issue was addressed with improved
state handling.
CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL

CFNetwork Proxies
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team

FaceTime
Available for: Apple Watch Series 1 and later
Impact: Processing malicious video via FaceTime may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8830: Natalie Silvanovich of Google Project Zero

IOUSBDeviceFamily
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8833: Ian Beer of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8828: Cim Stordal of Cognite
CVE-2019-8838: Dr Silvio Cesare of InfoSect

libexpat
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted XML file may lead to disclosure
of user information
Description: This issue was addressed by updating to expat version
2.2.8.
CVE-2019-15903: Joonun Jang

Security
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8832: Insu Yun of SSLab at Georgia Tech

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8844: William Bowling (@wcbowling)

Additional recognition

Accounts
We would like to acknowledge Kishan Bagaria (KishanBagaria.com) and
Tom Snelling of Loughborough University for their assistance.

Core Data
We would like to acknowledge Natalie Silvanovich of Google Project
Zero for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFr0ACgkQBz4uGe3y
0M3ibQ/+Oe5QaqGIxkCPgm0CR+0Zd+tVtVICpqIIEhtBNQYRAkJlzVlkwLwtJVvu
TUolgK4uRCX2lDCvFh0dI0ZeVtmV+8J/QgngIeFePujHHFFwsEKp8wVMNEqVtf3n
hmp+yzv4Ess05PP5dIcNQHETJzzZMvxD8FFKIbGhqPwbNSWhvvfnD3RaUG9Lnpqc
Fy1v2iXMUeY1zZWJcpin+PmdQUykQTA+yYKcNdZe5iyfZN7eB3NH9ETfRONSuMTj
hX5B3Aw7Vz82Nbcgs4cldi5J/hKgztzJ1WUOaeBCQ8MUtq8Nw89hBmu/ofExlADl
+OmgML4tkBX5+BlcH8e1bSixB6CvccbUdNO64SCim2xklv4LBfSaxAfnTphpY9Er
6WZ+UJPEaKyVFXnhy2awBoWpsPnSsZeQ8EavGOPMf2PihtnUpCBn0FeVjLrdJ+0h
qHzzaSpA8+mhU0lmdPPv1OB8xrXXwHtBVXahUmLZCKWuFwGbGtYX4OvvExWTv44X
w5hGYsr3evRKThEp8VN8xJCkaIOdLYP3XTE1B+ItN0V89EBkK++8rfBL433HgcUQ
R51YvVFiOSHSDLbLHYBCSdTtxNV6rLZPD2KtyElTAiiNckKaKL2h45VE/0YvCRNB
7eAoX1SX111SbJgT8TEn5PhoEMldiS5oAmjleCrgMbj+s+APQV0®qk
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close