exploit the possibilities

Apple Security Advisory 2020-11-13-6

Apple Security Advisory 2020-11-13-6
Posted Nov 14, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-6 - watchOS 7.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, spoof, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-15358, CVE-2020-9849, CVE-2020-9876, CVE-2020-9941, CVE-2020-9943, CVE-2020-9944, CVE-2020-9946, CVE-2020-9947, CVE-2020-9949, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9954, CVE-2020-9961, CVE-2020-9965, CVE-2020-9966, CVE-2020-9968, CVE-2020-9969, CVE-2020-9976, CVE-2020-9981, CVE-2020-9983, CVE-2020-9989, CVE-2020-9991, CVE-2020-9993
MD5 | 1b3f70a0b803d4aba27dee55ca9e87ef

Apple Security Advisory 2020-11-13-6

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-6 Additional information for
APPLE-SA-2020-09-16-4 watchOS 7.0

watchOS 7.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211844.

Audio
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

Audio
Available for: Apple Watch Series 3 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreCapture
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020

Disk Images
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020

Keyboard
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

libxml2
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020

Mail
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020

Messages
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020

Phone
Available for: Apple Watch Series 3 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB

Safari
Available for: Apple Watch Series 3 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020

Sandbox
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020

Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020

SQLite
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020

SQLite
Available for: Apple Watch Series 3 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020

SQLite
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020

SQLite
Available for: Apple Watch Series 3 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020

SQLite
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Additional recognition

Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020

Bluetooth
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020

Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Entry added November 12, 2020

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020

Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020

Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020

Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added October 19, 2020, updated November 12, 2020

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com) for their assistance.
Entry added November 12, 2020

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxnUACgkQZcsbuWJ6
jjBSNA/9Fo7IsnnHAT7UAmepT0esn2tFafOZC9aupUH+KLAnslIqkhLibj8KdZ2z
jtpOn8IzYKrFXQOxm9x+QGjzmxNhBQE2fNQRiATIaOdpkgOz7j6yqIRSUqA2aN0y
QmaDwPzYEtEHKRF0Tk4cj8N8dGM3mgQTvS2YcTASFme/9jkbVX77F+CbbaxJUMHd
7fxUrMev+kTDx7kmG9aiec1+pfiV2JZUuv0a1IN7+VxbAHhVKHE2hDHNNPPLlG0Z
50sqhO/1vaRf6Ewe+A+xGi/Z31P81hhozyBZEcr8WDD7RBUA9QYyq7Duor6ZRUQ/
sUlTWctb+jPzyFePmYKEr7RIE1JSnANHHKMmLfTwLOaHqH5TMtcP6k6QRRVPjKBb
zeWg6Xheaz+5h6ymX5woYNbzGN9TaAysz2KeFO3mK9XjPaUbzEAJT9+IryHYSLnT
P3TgQw3g/HPVpWyp+s3fjcmpi9jGyxjdFezuMekeO4VktlgdK1lBs0gELPA0Zrkh
MRl1ztd4FbMMAKHAzIgIcUUg5kgMMC6hO/DCVMlHCctHoNQeh2rEQo15YRRCEfAo
OgDJsznRtf3hYsZC7Q19D8q0E/SeMtYrRdzjeSNvSQffyiNf3hvUcbxVYQMqm3Vw
/tzliqnfshdjfpxB6sS4oDrnEqrM/x+2oETEgzHXWa9nt1rrLBI=
=8ihy
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close