-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213253.

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22675: an anonymous researcher

DriverKit
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative

IOMobileFrameBuffer
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26771: an anonymous researcher

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel
Available for: Apple Watch Series 3 and later
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices
Available for: Apple Watch Series 3 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308

Security
Available for: Apple Watch Series 3 and later
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

TCC
Available for: Apple Watch Series 3 and later
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi
Available for: Apple Watch Series 3 and later
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.

WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.

Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641  To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About".  Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p
rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w
XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe
ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6
FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz
aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG
rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN
Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1
TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9
i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC
AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2
MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI=
=zdvf
-----END PGP SIGNATURE-----