-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-1-28-3 watchOS 6.1.2

watchOS 6.1.2 is now available and addresses the following:

AnnotationKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's
Zero Day Initiative

Audio
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3870
CVE-2020-3878: Samuel Groß of Google Project Zero

IOAcceleratorFamily
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3837: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An access issue was addressed with improved memory
management.
CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of
Cognite

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3842: Ned Williamson working with Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-3834: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc,
Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3860: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3853: Brandon Azad of Google Project Zero

libxpc
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3856: Ian Beer of Google Project Zero

libxpc
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-3829: Ian Beer of Google Project Zero

wifivelocityd
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Additional recognition

IOSurface
We would like to acknowledge Liang Chen (@chenliang0817) for their
assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4whoIACgkQBz4uGe3y
0M2stQ/+OuyWKYzmyoukbioqc52unZuM9BR/7DSPTXV3V2DZiOnbB9g/GjSXfZ6B
MwgIrhKfXW3krfSQFgeQVeAeoZWSYNpp3+C+gmc1o1sJwuFOIljiLGLAZGYh18u+
/eLLKFPQEmTn7JxQyIltCmVba3RHK0/ejmM9Ixrxz7LfwDlYJAJpfUnv7othupHx
17VvkPb4FRIiwpi1XF3iqDAtm6KXe8PJth5HaLpvLFUFo+AqEIF1UdK6iB4Sn6GO
Qm5xmuJHLZvz6Bbz211LcWmyR5qFtp/FsIDIR9kX8g1DnaUY4/7atF5CAwA4hiz5
dW+2hYwG7XLg2b0i+MMatEOrT90CAfb1gMK2WdAbPOfVkuCDAM4GAGI1EkCYPUhP
/nxw9EVPlfSkxqcIRgw4dg3T3Sij29UAoh8R11I+Q4rkWZU6t8QDohZ8Nwo1W3DZ
XCa5sRmoXw5oKgQTby+aDd2Bk5IeLWThOJy0sx42BlMAhynh008PJZmFIQLXwgiI
5Scf2BMc8SxO1TwuyTyOoOx3Y82PfFw1Pw7dgoNlXcMZa/nzSUEzg7zJhKr3JGs+
tusuHY5pFE5ATTVifBPREyPc79KhaLF4BjlH58VYaPw09jyC0cb8C61foGsR1BjT
Ua+Wg313tcHsC4gUUFn9dtLzJcgx+7GlDglpAPGIxd7OOeotvD8=
=ZxyW
-----END PGP SIGNATURE-----