• APPLE-SA-2019-3-27-1 watchOS 5.2


    APPLE-SA-2019-3-27-1 watchOS 5.2

    watchOS 5.2 is now available and addresses the following:

    CFString
    Available for: Apple Watch Series 1 and later
    Impact: Processing a maliciously crafted string may lead to a denial
    of service
    Description: A validation issue was addressed with improved logic.
    CVE-2019-8516: SWIPS Team of Frifee Inc.

    configd
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A memory initialization issue was addressed with
    improved memory handling.
    CVE-2019-8552: Mohamed Ghannam (@_simo36)

    Contacts
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A buffer overflow issue was addressed with improved
    memory handling.
    CVE-2019-8511: an anonymous researcher

    CoreCrypto
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A buffer overflow was addressed with improved bounds
    checking.
    CVE-2019-8542: an anonymous researcher

    file
    Available for: Apple Watch Series 1 and later
    Impact: Processing a maliciously crafted file might disclose user
    information
    Description: An out-of-bounds read was addressed with improved bounds
    checking.
    CVE-2019-6237: an anonymous researcher

    Foundation
    Available for: Apple Watch Series 1 and later
    Impact: An application may be able to gain elevated privileges
    Description: A memory corruption issue was addressed with improved
    input validation.
    CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google
    Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel
    Groß of Google Project Zero

    GeoServices
    Available for: Apple Watch Series 1 and later
    Impact: Clicking a malicious SMS link may lead to arbitrary code
    execution
    Description: A memory corruption issue was addressed with improved
    validation.
    CVE-2019-8553: an anonymous researcher

    iAP
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A buffer overflow was addressed with improved bounds
    checking.
    CVE-2019-8542: an anonymous researcher

    IOHIDFamily
    Available for: Apple Watch Series 1 and later
    Impact: A local user may be able to cause unexpected system
    termination or read kernel memory
    Description: A memory corruption issue was addressed with improved
    state management.
    CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

    Kernel
    Available for: Apple Watch Series 1 and later
    Impact: A remote attacker may be able to cause unexpected system
    termination or corrupt kernel memory
    Description: A buffer overflow was addressed with improved size
    validation.
    CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

    Kernel
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to determine kernel
    memory layout
    Description: A memory initialization issue was addressed with
    improved memory handling.
    CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team

    Kernel
    Available for: Apple Watch Series 1 and later
    Impact: An application may be able to gain elevated privileges
    Description: A logic issue was addressed with improved state
    management.
    CVE-2019-8514: Samuel Groß of Google Project Zero

    Kernel
    Available for: Apple Watch Series 1 and later
    Impact: A local user may be able to read kernel memory
    Description: A memory corruption issue was addressed with improved
    memory handling.
    CVE-2019-7293: Ned Williamson of Google

    Kernel
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to determine kernel
    memory layout
    Description: An out-of-bounds read issue existed that led to the
    disclosure of kernel memory. This was addressed with improved input
    validation.
    CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
    CVE-2019-8510: Stefan Esser of Antid0te UG

    Messages
    Available for: Apple Watch Series 1 and later
    Impact: A local user may be able to view sensitive user information
    Description: An access issue was addressed with additional sandbox
    restrictions.
    CVE-2019-8546: ChiYuan Chang

    Passcode
    Available for: Apple Watch Series 1 and later
    Impact: A partially entered passcode may not clear when the device
    goes to sleep
    Description: An issue existed where partially entered passcodes may
    not clear when the device went to sleep.  This issue was addressed by
    clearing the passcode when a locked device sleeps.
    CVE-2019-8548: Tobias Sachs

    Power Management
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to execute arbitrary code
    with system privileges
    Description: Multiple input validation issues existed in MIG
    generated code. These issues were addressed with improved validation.
    CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
    (ssd-disclosure.com)

    Privacy
    Available for: Apple Watch Series 1 and later
    Impact: A malicious app may be able to track users between installs
    Description: A privacy issue existed in motion sensor calibration.
    This issue was addressed with improved motion sensor processing.
    CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
    University of Cambridge, Ian Sheret of Polymath Insight Limited

    Siri
    Available for: Apple Watch Series 1 and later
    Impact: A malicious application may be able to initiate a Dictation
    request without user authorization
    Description: An API issue existed in the handling of dictation
    requests. This issue was addressed with improved validation.
    CVE-2019-8502: Luke Deshotels of North Carolina State University,
    Jordan Beichler of North Carolina State University, William Enck of
    North Carolina State University, Costin Carabaș of University
    POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
    POLITEHNICA of Bucharest

    TrueTypeScaler
    Available for: Apple Watch Series 1 and later
    Impact: Processing a maliciously crafted font may result in the
    disclosure of process memory
    Description: An out-of-bounds read was addressed with improved bounds
    checking.
    CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
    Day Initiative

    WebKit
    Available for: Apple Watch Series 1 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.
    CVE-2019-8518: Samuel Groß of Google Project Zero
    CVE-2019-8558: Samuel Groß of Google Project Zero
    CVE-2019-8559: Apple
    CVE-2019-8563: Apple

    WebKit
    Available for: Apple Watch Series 1 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    memory handling.
    CVE-2019-8536: Apple
    CVE-2019-8544: an anonymous researcher

    WebKit
    Available for: Apple Watch Series 1 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A type confusion issue was addressed with improved
    memory handling.
    CVE-2019-8506: Samuel Groß of Google Project Zero

    WebKit
    Available for: Apple Watch Series 1 and later
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory
    Description: A validation issue was addressed with improved logic.
    CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

    Additional recognition

    Kernel
    We would like to acknowledge Brandon Azad of Google Project Zero for
    their assistance.

    Installation note:

    Instructions on how to update your Apple Watch software are
    available at https://support.apple.com/kb/HT204641

    To check the version on your Apple Watch, open the Apple Watch app
    on your iPhone and select "My Watch > General > About".

    Alternatively, on your watch, select "My Watch > General > About".

    Information will also be posted to the Apple Security Updates
    web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key,
    and details are available at:
    https://www.apple.com/support/security/pgp/

  • 相关阅读:
    python set 使用
    python判断字符串是字母 数字 大小写
    go语言中的运算符^,&
    golang 之 flag.String
    关于Mac或Linux下GO的Permission denied提示错误
    《算法竞赛进阶指南》0x05排序 POJ3784 对顶堆动态维护中位数
    大顶堆的基本操作(线性表建堆+siftup+siftdown+insert+delete)
    《算法竞赛进阶指南》0x05排序 环形均分纸牌问题
    SublimeText3配置c/c++环境
    《算法竞赛进阶指南》0x05 排序 离散化
  • 原文地址:https://www.cnblogs.com/iAmSoScArEd/p/10682864.html
Copyright © 2020-2023  润新知