Vulmon
<!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="38"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#39">By Date</a>
<a href="40"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="38"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#39">By Thread</a>
<a href="40"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>
</div>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2020-09-16-4 watchOS 7.0</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<em>From</em>: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
<em>Date</em>: Wed, 16 Sep 2020 14:55:38 -0700
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-4 watchOS 7.0
watchOS 7.0 is now available and addresses the following:
Keyboard
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Phone
Available for: Apple Watch Series 3 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
Bluetooth
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Location Framework
We would like to acknowledge an anonymous researcher for their
assistance.
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, and an anonymous researcher for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at <a rel="nofollow" href="https://support.apple.com/kb/HT204641">https://support.apple.com/kb/HT204641</a>
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igqcACgkQZcsbuWJ6
jjAWSw/8DKaYHQ01EPfcTwIcNJBQzwuzwsM6Veo5D9q7asIoxPBAvPa/aFEmypLC
+yMwvYY+/skjhLs7hx/fkxBelikQ8yPyIbqkfkoR4n3kpApDHhn0i1tRhhwNFeP1
Pd20DB1y2+enHIF3fQDWkywp72s1sjrBCtm47xVbZ9Z2mhHWaoOw3Cj8m/qr1ZfF
hA+CI9T1ubNEstDo596BqbiSnJfAYM3GlpEcGZr8UpXsP9LSlbgAUwum47LrZGCS
bAbgg1KiyQZ0ATbxwjbWG5UUo64SX/fkE/09xo6M3VKg3JqQ3kgzakCX+UX0lzVh
u5PFmg1IQ0fjMlP3Sy19Bf8gHfAvDbWwFs8IRSMH0RZLercL/ycpkHxPEMawydOt
UnMaqec4lKcWLZclv+/WbqLQ/206gQPXS7pFNQ6Mn/IIpMqCdJgA2LNsjXdyX9+8
vvsbvOen6X29yM6WonO6fj9438zX1hP2SgnPLx9jkvx911lD4qGGQ0pCfWFln8bR
Bgi8I9Ubv7NXoyT9y+vnaxb/z/mGc+aVKQaFrSQWJ+hD5gTrhMvSizE8Fsz2eZs8
UXU70WZ5REaFauGSVsrF56TPB1SAvxW21vP6ALKc1RP4kBIrSTdr822c/0jtM3VI
YZ/Zi4Bew4vSUOqIRGw8oUfyIiP5lt2FLOEHN8Mtpvin24KOVW4=
=5wu7
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives & RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="38"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#39">By Date</a>
<a href="40"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="38"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#39">By Thread</a>
<a href="40"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2020-09-16-4 watchOS 7.0</strong> <em>Apple Product Security via Fulldisclosure (Sep 18)</em>
</li></ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>