Home / mailingsPDF  

APPLE-SA-2020-12-14-5 watchOS 7.2

Posted on 15 December 2020
Apple Security-announce

APPLE-SA-2020-12-14-5 watchOS 7.2

watchOS 7.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212009.

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-27946: Mateusz Jurczyk of Google Project Zero

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed with improved input validation.
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29611: Ivan Fratric of Google Project Zero

Security
Available for: Apple Watch Series 3 and later
Impact: Unauthorized code execution may lead to an authentication
policy violation
Description: This issue was addressed with improved checks.
CVE-2020-27951: Apple

WebRTC
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP

Mailings :

Exploits :