-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-07-20-6 watchOS 8.7

watchOS 8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213340.

APFS
Available for: Apple Watch Series 3 and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow issue was addressed with improved
bounds checking.
CVE-2022-32788: Natalie Silvanovich of Google Project Zero

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)

AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 4
and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)

Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 4
and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)

Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 4
and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)

Audio
Available for: Apple Watch Series 3 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher

Audio
Available for: Apple Watch Series 3 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)

CoreText
Available for: Apple Watch Series 3 and later
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events
Available for: Apple Watch Series 3 and later
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers
Available for: Apple Watch Series 3 and later
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2022-32793: an anonymous researcher

GPU Drivers
Available for: Apple Watch Series 3 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)

ICU
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575

Kernel
Available for: Apple Watch Series 3 and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel
Available for: Apple Watch Series 3 and later
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel
Available for: Apple Watch Series 3 and later
Impact: An app with arbitrary kernel read and write capability may be
able to bypass Pointer Authentication
Description: A logic issue was addressed with improved state
management.
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Liblouis
Available for: Apple Watch Series 3 and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)

libxml2
Available for: Apple Watch Series 3 and later
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823

Multi-Touch
Available for: Apple Watch Series 3 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Multi-Touch
Available for: Apple Watch Series 3 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Software Update
Available for: Apple Watch Series 3 and later
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

WebKit
Available for: Apple Watch Series 3 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative

Wi-Fi
Available for: Apple Watch Series 3 and later
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval

Additional recognition

AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.

configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.

Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641  To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About".  Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p
rhjSsg//XnukSPtKHk58IOSkcWaTk0WdrYv2+dGbdgkcPBgO2ehNQqk1xI3LDHLN
b6A5MMaoR4ityTEC+i4XFWxVJNfzXFa1SHMiht1uJDtaNCc2F+VIP+EZJx2KYe7H
O8F0g9lF33hQE3xDjrwtPe+7wYjfzgDX8iCbsfaNDPAWBq0BfNA8/4bv5GzPaPC4
qcP+W9IRb11yAzlnCEgJNhMB0SLwtzpcUYLKcJbPdilABeYe08CLIIVAw2vKI1Kk
J7sk/ZiGKnB1ZHa+fl17ahApKkLePnFtHR9rMseEpyRbPa7EvomZxUQoLvbaDf+Q
gRqtysAw8oxfhetorvDFwAem3eCRdgJ/T/0U6jC+4dfHzVnGxV27K/PgF3GWRDU5
trPVZ0cu8qdzgNAwSuRHTxTg923FN7cR14NL66TkGZ1d/VKfn1l0h1wctoPOhHPR
zWJi5P8WbprG1XVWNx+aJYW09VIMsujJrrGQSn78o6gXOR2salEDiCs2JixKZnqK
CV4+uGQIiE8bD0oA1B1uFQiPx3XtgOY92QQl8Jnn/7Xa6QQ0hq/3NmDN66RzO78S
I4pH4Vt/L0LNoArGMCrO4URpLiQx5Au0niH5+jbvHyWr1Bm3Y+dMRP1yds3aLQ0Q
16FIrWStzY+cnmOXQKczTIiaJYuSMjCOQicLuWx/q2ghfLCJ16E=
=6Uj+
-----END PGP SIGNATURE-----