-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-5 watchOS 3

The watchOS 3 advisory has been updated to include additional entries
as noted below.

Audio
Available for: All Apple Watch models
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016

CFNetwork
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016

CoreCrypto
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016

FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016

GeoServices
Available for: All Apple Watch models
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)

IOAcceleratorFamily
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016

IOAcceleratorFamily
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: An anonymous researcher
Entry added September 20, 2016

Kernel
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: All Apple Watch models
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016

Kernel
Available for: All Apple Watch models
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775: Brandon Azad
Entry added September 20, 2016

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016

libxml2
Available for: All Apple Watch models
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016

libxslt
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016

Security
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4737: Apple
Entry added September 20, 2016

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4YPQAAoJEIOj74w0bLRG8S0QAIkepFBcosbmZLpY04hlt+Ah
yHXnqKyghV5Ribkl64KUQRkyPHDOGaEaErYEiscMtUqbFP/rnSM8ScFF65Oxxg/P
3NCGpKkedA0J4cMtb58x4nvWJe3GW8aV8iP4H7t65jCprdIAxZuniLjhGMtM0r7G
a/A6cmpqhwL055RMr1c7ksC1oCk43BP5rZOlndqE9Ns6lw1F5RNmATbZgjHdPHkC
xuml7fEdhRbt/lswdDMq7epIZFqDX7jlZig349oesZhsUVczQnRZtsdUQ695OZcd
XSZisclix5b0t4Ett5HiarbYLYbalnz5ftU511Va9pf5VOGaZcl942cmns8CRbQy
GT+qCk9TCMhtf6nqBTrX8MwSP481fa1OssLHE1rYGibBFpr0xqqXw70zzpl77w9I
OT31mBtdrPor7luR7haXOMuwaD7Fbmj6sd3ph0p6wQQG0GZ/zsLRJtBJfFU2Qx1X
fesFDPTyNrby4nMHaF6MGY04hME2zHApq0KHOtGfg3WaaIJWGbWY+xPAUW5kDLIf
Q6u+8BVjCT1qvfK3oi93wA5FOqfqlud4LuMGdTehJL1PBTh93JnabQwZDuNjufg0
4p4j7jFIenYxdYgjbbCKrXu6PYTUB7yqMRDYAQN7hk4bKabwHacyqKmQbH5MCYXt
yHVD9Vuo3lqcs8fMnUow
=yYuL
-----END PGP SIGNATURE-----