-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 is now available and addresses the following:

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero

Digital Touch
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8624: Natalie Silvanovich of Google Project Zero

FaceTime
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu

Foundation
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero

Heimdal
Available for: Apple Watch Series 1 and later
Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst

libxslt
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input validation.
CVE-2019-13118: found by OSS-Fuzz

Messages
Available for: Apple Watch Series 1 and later
Impact: Users removed from an iMessage conversation may still be able to alter state
Description: This issue was addressed with improved checks.
CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of University of Oregon

Messages
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may cause an unexpected application termination
Description: A denial of service issue was addressed with improved validation.
CVE-2019-8665: Michael Hernandez of XYZ Marketing

Quick Look
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero

Siri
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

UIFoundation
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Wallet
Available for: Apple Watch Series 1 and later
Impact: A user may inadvertently complete an in-app purchase while on the lock screen
Description: The issue was addressed with improved UI handling.
CVE-2019-8682: Jeff Braswell (JeffBraswell.com)

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8672: Samuel Groß of Google Project Zero
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero

Additional recognition

MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance.
Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/