APPLE-SA-05-13-2024-7 watchOS 10.5

[Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-05-13-2024-7 watchOS 10.5

watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214104.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

Maps
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University

RemoteViewServices
Available for: Apple Watch Series 4 and later
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

Shortcuts
Available for: Apple Watch Series 4 and later
Impact: A shortcut may output sensitive user data without consent
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)
of Kandji

WebKit
Available for: Apple Watch Series 4 and later
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero
Day Initiative

Additional recognition

App Store
We would like to acknowledge an anonymous researcher for their
assistance.

CoreHAP
We would like to acknowledge Adrian Cable for their assistance.

HearingCore
We would like to acknowledge an anonymous researcher for their
assistance.

Managed Configuration
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.

Instructions on how to update your Apple Watch software are available
at https://support.apple.com/HT204641  To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About".  Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtuoACgkQX+5d1TXa
IvoryhAA0MH7dQ2spvGCOs9o90Ha8QfUwkzV6S+x/kjtb+4dVh+Myyyxcq3HfJP/
71NRMcHvxM2nE7d23D9TSDdkKqEckR/vpgRMR9oPPy+bLnqccu7Rx02dIyOcW0AD
sOI+puKn2oVSENiQte+Rs5RBBslrzG5G+Ezr2BVyk5jA4q8f2yD3vFlc+4K6u4Xf
xcM0rgqLTQ1Pe4CiJepLZlm5/I4ub9jNHgYw37lrBg8ptBBOP722Mt+XeuHcE0tr
SCvoVCDePnbHPNzofgsSlv0bv6CpfvOYKgRouWzb3wf+a9Cg/2fPN39nZtVt7V+l
WqSJjgGB71QgwtRpmr/nWz3VKzSE9xdnu0H6BOrVAC9qYWn1Qz9S0bfTVhWJDCvk
XyGhpoHrsKOR/PDjm8nCx7MzqeWxsG/yaYHileud3a9tAx1g63kDrwaPjpG4sNg1
U5pvYLE942yOoImWyFkfcnf9UCGqwdYiNR8uFyfuPoBFhiCM85CjwD3tM2UG0H5Q
xxU1iYNIHPeDd4q5DEaFqtC3nNraY3JGoAO5im7vNFv4JcoiMb8ObNTLDkNduThd
q1uB74m37Pfqq/PT2xtnACHfWpvUpu/Gc0JcUuS+uMB1nUbvPQpNNJqx7WHwk3Q2
r8OvMZ1Vw+4APbZ7B5Jnj4pkxSAifC2HQ7FqytCGzRzGqHOrF60=
=+u2d
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/