APPLE-SA-2018-10-30-4 watchOS 5.1

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#9">By Date</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#9">By Thread</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2018-10-30-4 watchOS 5.1</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security &lt;product-security-noreply () lists apple com&gt;


<em>Date</em>: Tue, 30 Oct 2018 11:58:27 -0700


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-10-30-4 watchOS 5.1

watchOS 5.1 is now available and addresses the following:

AppleAVD
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4384: Natalie Silvanovich of Google Project Zero

CoreCrypto
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of
Royal Holloway, University of London, and Juraj Somorovsky of Ruhr
University, Bochum

ICU
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4394: an anonymous researcher

IPSec
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2018-4420: Mohamed Ghannam (@_simo36)

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security
Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4419: Mohamed Ghannam (@_simo36)

NetworkExtension
Available for: Apple Watch Series 1 and later
Impact: Connecting to a VPN server may leak DNS queries to a DNS
proxy
Description: A logic issue was addressed with improved state
management.
CVE-2018-4369: an anonymous researcher

Safari Reader
Available for: Apple Watch Series 1 and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2018-4374: Ryan Pickren (ryanpickren.com)

Safari Reader
Available for: Apple Watch Series 1 and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2018-4377: Ryan Pickren (ryanpickren.com)

Security
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted S/MIME signed message may
lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
Softsec Lab, Korea
CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with
Trend Micro's Zero Day Initiative
CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological
University working with Trend Micro's Zero Day Initiative
CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative
CVE-2018-4382: lokihardt of Google Project Zero
CVE-2018-4386: lokihardt of Google Project Zero
CVE-2018-4392: zhunki of 360 ESG Codesafe Team
CVE-2018-4416: lokihardt of Google Project Zero

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe
Team

WiFi
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile
Networking Lab at Technische Universität Darmstadt

Additional recognition

Certificate Signing
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Security
We would like to acknowledge Marinos Bernitsas of Parachute for their
assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at <a rel="nofollow" href="https://support.apple.com/kb/HT204641">https://support.apple.com/kb/HT204641</a>

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch &gt; General &gt; About".

Alternatively, on your watch, select "My Watch &gt; General &gt; About".

Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EA8g/+
Ll91rTID6pn6oncXh+evrELJOBBZwZZh2mRNHh/yFK2bIt7v6MLas+ez9cDh8SXE
dvS5EeIBwNDr7drVbk14JOLADKsDcJUEfCUHCno1iJfAzIQC5N+eJyzgNZlOlzXG
8sNKn7gv2VxVW6CXKbSSX2VgyZ+UUIpU6Bmoj4ZsasycBLBNG6ZC+07ZAZfxBpL4
jcJz1Zq0ZueaxwV+21Are/51pMzC3tHuO77BTWCV8OTLROi72BuvfLtIcLG0HkRS
nKsB3Qt6NcwuzvPR0HedCWsH+2DR3fyHNkHou47KM0vlW5BmgvVXj6KOTMvVm3o0
3WegNySOTPKyUdVWNQWm/n3TqwuT7Ahpfb+tg0nCQ+7cS7DukFfHET++J21ihNpG
YHUqa/dCnvNj+F7aUHwsW9aL7ZXsJphyRBhG5896z56N5diSPQ2rAnszgvGVNyEW
PXEVCFcOOGuxvkN20LP+/EawOb/NTp2JlL5HexzBpYmH88GMjIN1pYQmG4izSG3M
P0uQTui3aBE39wR2BwUSkI0PVxmumqDGKPk+exyxExcOuPPQo2OwIxki8az2taMf
6iFjZWyIeS5ZwHy8XOca7Oe+4yM8WLnfPiX34JkdH5a0hsC1Y/e6E5IhGwpNcpnt
q3709XOMbW2YjH1WyGrjUGgrrOJbq3Y5XM7dvkuXsuY=
=m0yh
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#9">By Date</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#9">By Thread</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2018-10-30-4 watchOS 5.1</strong> <em>Apple Product Security (Nov 02)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>