Full Disclosure mailing list archives

APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6


From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 29 Oct 2019 16:05:10 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-8 Additional information
for APPLE-SA-2019-9-26-5 watchOS 6

watchOS 6 addresses the following:

Audio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab
Entry added October 29, 2019

CFNetwork
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: This issue was addressed with improved checks.
CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland
Entry added October 29, 2019

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted movie may result in the
disclosure of process memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Entry added October 29, 2019

CoreCrypto
Available for: Apple Watch Series 3 and later
Impact: Processing a large input may lead to a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2019-8741: Nicky Mouha of NIST
Entry added October 29, 2019

Foundation
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero
CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Entry added October 29, 2019

IOUSBDeviceFamily
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8718: Joshua Hill and Sem Voigtländer
Entry added October 29, 2019

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2019-8740: Mohamed Ghannam (@_simo36)
Entry added October 29, 2019

Kernel
Available for: Apple Watch Series 3 and later
Impact: A local app may be able to read a persistent account
identifier
Description: A validation issue was addressed with improved logic.
CVE-2019-8809: Apple
Entry added October 29, 2019

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8717: Jann Horn of Google Project Zero
Entry added October 29, 2019

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8712: Mohamed Ghannam (@_simo36)
Entry added October 29, 2019

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory corruption issue existed in the handling of
IPv6 packets. This issue was addressed with improved memory
management.
CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team
Entry added October 29, 2019

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8709: derrek (@derrekr6)
Entry added October 29, 2019

libxml2
Available for: Apple Watch Series 3 and later
Impact: Multiple issues in libxml2
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8749: found by OSS-Fuzz
CVE-2019-8756: found by OSS-Fuzz
Entry added October 29, 2019

mDNSResponder
Available for: Apple Watch Series 3 and later
Impact: An attacker in physical proximity may be able to passively
observe device names in AWDL communications
Description: This issue was resolved by replacing device names with a
random identifier.
CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
Entry added October 29, 2019

UIFoundation
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Entry added October 29, 2019

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8710: found by OSS-Fuzz
CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of
ABLY Corporation
CVE-2019-8734: found by OSS-Fuzz
CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech
CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech
CVE-2019-8773: found by OSS-Fuzz

Additional recognition

Audio
We would like to acknowledge riusksk of VulWar Corp working with
Trend Micro's Zero Day Initiative for their assistance.
Entry added October 29, 2019

boringssl
We would like to acknowledge Thijs Alkemade (@xnyhps) of Computest
for their assistance.

HomeKit
We would like to acknowledge Tian Zhang for their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

mDNSResponder
We would like to acknowledge Gregor Lang of e.solutions GmbH for
their assistance.

Profiles
We would like to acknowledge Erik Johnson of Vernon Hills High School
and James Seeley (@Code4iOS) of Shriver Job Corps for their
assistance.

Safari
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) of
TurkishKit for their assistance.

WebKit
We would like to acknowledge MinJeong Kim of Information Security
Lab, Chungnam National University, JaeCheol Ryou of the Information
Security Lab, Chungnam National University in South Korea and cc
working with Trend Micro's Zero Day Initiative for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
