—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256
APPLE-SA-2018-12-06-1 watchOS 5.1.2
watchOS 5.1.2 is now available and addresses the following:
Airport Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4303: Mohamed Ghannam (@_simo36)
Disk Images Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4465: Pangu Team
Kernel Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed by removing the vulnerable code. CVE-2018-4460: Kevin Backhouse of Semmle Security Research Team
Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4431: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4447: Juwei Lin(@panicaII) and Zhengyu Dong of TrendMicro Mobile Security Team
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved restrictions. CVE-2018-4435: Jann Horn of Google Project Zero, Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security Team
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4461: Ian Beer of Google Project Zero
LinkPresentation Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted email may lead to user interface spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4429: Victor Le Pochat of imec-DistriNet, KU Leuven
Profiles Available for: Apple Watch Series 1 and later Impact: An untrusted configuration profile may be incorrectly displayed as verified Description: A certificate validation issue existed in configuration profiles. This was addressed with additional checks. CVE-2018-4436: James Seeley @Code4iOS, Joseph S. of Wyong High School
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4441: lokihardt of Google Project Zero CVE-2018-4442: lokihardt of Google Project Zero CVE-2018-4443: lokihardt of Google Project Zero
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2018-4438: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are available at support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select “My Watch > General > About”.
Alternatively, on your watch, select “My Watch > General > About”.
Information will also be posted to the Apple Security Updates web site: support.apple.com/kb/HT201222
This message is signed with Apple’s Product Security PGP key, and details are available at: www.apple.com/support/security/pgp/ —–BEGIN PGP SIGNATURE—–
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlwJWL0pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GN+xAA u1S9PoDcWtzSI14X0wKpmUQdHukulRjPCufglaaLQbo6pTPesnb1IFZ+jvj+NpS9 WQabjt/9e1ad9Oc3uMmzhGU5uuRCg1TPg/+MHyxnILwDFr/AHYmVrWrOk3tQ6rw9 egbglSNbytNVQbdR5GH3yXhVy0TBI6GnzUt8MgVUfYRUOoNuL0GypqI3S9X7PvI1 SfqoL/O+NqapPhnClPx+SFMrQltrvEGayBAEpLUV193suFDiHf3/YSB7+z1NMvZg hhfrc6aE2mwkKlBdV4/XtcKJKSe8wNgZJR10+6R1UIWQX503CoBgDC5joVnPulZR Boa3X/nGb5iu2DY2ZnR9UJn2MHVL/Xi7gesyhvc7dUgSttxXnupJGJFF0Fy4eAqB /WWzbJO/2kfKR+PJnowWZd+09sSHLq2bD9LCNvMyNrbDjJzqVPSCSM3ao2O9VCta 5aUVPt1Xa7nK4N31etXXBNxA37r5GIA2M1UNk4zKxpuhij4OOiDxWwvtzBEuBw1p ktDBQ0bvSwzJiqhDwS/EQLfw8TuXBf/th3P/Szx7zLZQCu3o9uUfI7500wDPZW/R VUhOrEbKRpvKyKFC1Kia+yef4oK9rjwb9wtYsXk86X3pCxinhJe27u862PSVS3IJ cTa2Cwy8jUiLaA2EomRwzk9Hp0HFf+eF6sSwYz5VolQ= =kQmr —–END PGP SIGNATURE—–

Get a domain name here from 4.99