Apple Security Advisory 2021-10-26-6 – Torchsec

APPLE-SA-2021-10-26-6 watchOS 8.1

watchOS 8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212874.

Audio
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab

ColorSync
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

CoreGraphics
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919

FileProvider
Available for: Apple Watch Series 3 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360

Game Center
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev

Game Center
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev

iCloud
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga

IOMobileFrameBuffer
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab

UIKit
Available for: Apple Watch Series 3 and later
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.

WebKit
Available for: Apple Watch Series 3 and later
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher

Additional recognition

iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.

Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.

WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4htAACgkQeC9qKD1p
rhgUWA//SbDuER3CFjs5xB0BeARUai/APOn+DFlOPPnz24GnCmy+5DvtascGravv
L3tN6fNRtFo60H4td23pgIng0IwRgEiKfZjoUfyX/DPb6VXJVsHPv7pXjlFhzSd3
2/6hxQ9GNPqTLj05iMcu/EIfmm7t7JdZFYuCugJ6WrqPob3bEQmr69UV2/DD4LG3
Uqp4xsBJnRnMGJhtyzf9JBv5JbMd/SVmOnOj6E7zHiUeW5ZW61uGj1XstGN9LtbW
/s3qn2n2cBSFZ+cFR+Jg6no71AR9afLeA6lB9mrrC2BwQmeJ4h2Q/Z5woDj0DNYe
VE+Ku/hIyYq8hp+nAeoKpmLPA/WQcIWY/R1A5giEnmJljl1w8d3ZpdWSZ6eQHWd2
x8Al7wpuQ9xnPkF+sPwHWaU5UySuq/HiPAs8500fLyPbe9ipobEI7UcACE2EEPXT
zEUFU75T3RcJ8X6YnRM8p/yj8PwUGal0o0sS7j7wJO8wCxHA3c2NaYCmsA33QMdh
YMF/FTqaBYnLMVVwROb4aXFrVju8upu6q7l3/CnOjLB5VD8qyfwKSlJvC+tkgdmG
kpJ248DHdsHhdlqVq7oC1Oh8GQCSChaFB+BgQ4k5XlSGqxSaJNFNMfx6rxGy6S88
AzZZJz5Dn1zl2GzMIILl1WA5JUZzt8eEcIzCZYVv1Atsw8maj4o=
=x3cn
-----END PGP SIGNATURE-----

Comments are closed.