Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8

Related Vulnerabilities: CVE-2021-30837   CVE-2021-30811   CVE-2021-30866   CVE-2021-30834   CVE-2021-30882   CVE-2021-30831   CVE-2021-30840   CVE-2021-30841   CVE-2021-30842   CVE-2021-30843   CVE-2021-30852   CVE-2021-30814   CVE-2021-30835   CVE-2021-30847   CVE-2021-30857   CVE-2013-0340   CVE-2021-30855   CVE-2021-30854   CVE-2021-30808   CVE-2021-30884   CVE-2021-30818   CVE-2021-30823   CVE-2021-30836   CVE-2021-30809   CVE-2021-30846   CVE-2021-30849   CVE-2021-30851   CVE-2021-30810  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="61"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#62">By Date</a>
<a href="63"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="61"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#62">By Thread</a>
<a href="63"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Tue, 26 Oct 2021 16:29:35 -0700


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-10-26-10 Additional information for
APPLE-SA-2021-09-20-2 watchOS 8

watchOS 8 addresses the following issues.
Information about the security content is also available at
<a rel="nofollow" href="https://support.apple.com/HT212819">https://support.apple.com/HT212819</a>.

Accessory Manager
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher

AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir

bootp
Available for: Apple Watch Series 3 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021

FaceTime
Available for: Apple Watch Series 3 and later
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab

Foundation
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab

libexpat
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher

Preferences
Available for: Apple Watch Series 3 and later
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Preferences
Available for: Apple Watch Series 3 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero

Wi-Fi
Available for: Apple Watch Series 3 and later
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher

Additional recognition

Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

UIKit
We would like to acknowledge an anonymous researcher for their
assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at <a rel="nofollow" href="https://support.apple.com/kb/HT204641">https://support.apple.com/kb/HT204641</a>

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch &gt; General &gt; About".

Alternatively, on your watch, select "My Watch &gt; General &gt; About".

Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4h0EACgkQeC9qKD1p
rhjcPxAA0x7qg2GycQ0GJb8VqWSNGGbhKVkwocTvEtOKZmebfdCXWnJ6vycp731f
Zz5AtfK1S/SIaQbLLTsZUwuVN9AweRvymsuK3EYCPBupi0hA7G0CQudQ9jFfa70+
cfqW2CLrkZB9FiD0Y6hLRaUR/WczdCeFnD87I4XziqM8JVfPi1YMZ3QndLFR+qoR
DOH5cVZQg/EYNuynyIUtLpsbtLCzGiYdkuDb1xozgklY8SYLhOsGP4tbU7ACpbRs
7DEU1laGGByyGz8T3/Z9n7x1589lxDk7VSUPflnv0Fq6FYiahAvKOZQDsAjhs1sI
YA4QvtjsEjRq/p/rnElrMYd91e/QuOtixFcYY360YP/FPhHGfBHS7dEko5q/6JwG
mGrjm/rHMVfsqSzoLZShdDQrRKz76mW0F2bWWggQqka4GxHtDNGPpYYQJLndQqvu
W0RxoYFNBFex39na/nqkVjJNAO1GRFoZy1B0PpjgKbwV3Wn4pGgHcj5ToC15oGUJ
078BFgQW4ucEj59d9hWg0di4JEgFFgph5KwO66BY0LUrHdHVpC5GGccxt1aDXC0j
i2uJIlofj/mU1PUBZ0vZ1JP2tDGgEmcKzgStCtYS4ZqK01wA6kKWfF0jpsbFGnXe
57sksI5rtKpbiIiZ4/GRhIQTUNRgIOPoy9rUZnbAtWuUKXWZIrw=
=mdve
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="61"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#62">By Date</a>
<a href="63"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="61"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#62">By Thread</a>
<a href="63"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8</strong> <em>Apple Product Security via Fulldisclosure (Oct 27)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started