Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2020-12-14-5 watchOS 7.2

Related Vulnerabilities: CVE-2020-27948   CVE-2020-27946   CVE-2020-27943   CVE-2020-27944   CVE-2020-29617   CVE-2020-29619   CVE-2020-29618   CVE-2020-29611   CVE-2020-27951   CVE-2020-15969  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="26"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#27">By Date</a>
<a href="28"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="26"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#27">By Thread</a>
<a href="28"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2020-12-14-5 watchOS 7.2</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Mon, 14 Dec 2020 17:17:29 -0800


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-12-14-5 watchOS 7.2

watchOS 7.2 addresses the following issues. Information about
the security content is also available at
<a rel="nofollow" href="https://support.apple.com/HT212009">https://support.apple.com/HT212009</a>.

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-27946: Mateusz Jurczyk of Google Project Zero

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed with improved input validation.
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29611: Ivan Fratric of Google Project Zero

Security
Available for: Apple Watch Series 3 and later
Impact: Unauthorized code execution may lead to an authentication
policy violation
Description: This issue was addressed with improved checks.
CVE-2020-27951: Apple

WebRTC
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are
available at <a rel="nofollow" href="https://support.apple.com/kb/HT204641">https://support.apple.com/kb/HT204641</a>

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch &gt; General &gt; About".

Alternatively, on your watch, select "My Watch &gt; General &gt; About".

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBloACgkQZcsbuWJ6
jjA/Vw/8CRpjZD1xQliZmwUBz0S/PjqiSR5BzxeNAeeRFnegcPPsHChw9N3lwmAt
GdWTKhNkSCnPAGvL4M66ISwNo5S37nXYTvNBa91H7vcLKFZ+9fLeZu9vF7Z+WyiC
SbQNbnX3md2a1P+RC0QdefQ1IWVcDcV6sNs0ghbhCiRmrFra6Mq8ah0TpzOCvDKc
ywC+By4z2mDy6IR70AzDIgS0P08Y0UjvzRb7nX4FysnUXFTpORBEdWhrio4CtXch
A+g0jXD1KQFMTvR/vdiWqLBTIZhalPF+DZaGakNmP4qxwZOQnNpAKc3IbtaURyC7
CD3HDdlZYjMtr9Fs+3u/pcMOxFrhborrBfjD+pfgA2c+50eTaEvtnej7Fe2Ds3BL
nU/Pdl/0i8u9EsO6JiHl8Ti5zor6bFmywTTpkQ+9eQFAx5sthozEeNS3EWsQYk/r
cQJW2WZOSCkevY15gh+NnGBpF79TIIkOJ6GyQC+nnqWsrN0RcX0UVtcrtTS96vNj
1ItE8rhZTDCecj1ln0HawyKZ66oYK3A4jt7YOpd2VckS6Ex9KaFaBnruY0v+n8ny
T4PGZvRjsyhdobBLvwqIOynknOrRtZYTKihA4vZGVuoaiL6/7It83J3cJfPFnULg
qCBgv6XebLAaK1e+q7QoFU5r5p9aCT1/MtO9GYyCv9CLaMt1rwI=
=50W4
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="26"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#27">By Date</a>
<a href="28"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="26"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#27">By Thread</a>
<a href="28"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2020-12-14-5 watchOS 7.2</strong> <em>Apple Product Security via Fulldisclosure (Dec 15)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started