—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256<\/p>\n
APPLE-SA-05-13-2024-7 watchOS 10.5<\/p>\n
watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https:\/\/support.apple.com\/HT214104.<\/p>\n
Apple maintains a Security Releases page at
https:\/\/support.apple.com\/HT201222 which lists recent
software updates with security advisories.<\/p>\n
AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)<\/p>\n
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)<\/p>\n
Maps
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University<\/p>\n
RemoteViewServices
Available for: Apple Watch Series 4 and later
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)<\/p>\n
Shortcuts
Available for: Apple Watch Series 4 and later
Impact: A shortcut may output sensitive user data without consent
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)
of Kandji<\/p>\n
WebKit
Available for: Apple Watch Series 4 and later
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro’s Zero
Day Initiative<\/p>\n
Additional recognition<\/p>\n
App Store
We would like to acknowledge an anonymous researcher for their
assistance.<\/p>\n
CoreHAP
We would like to acknowledge Adrian Cable for their assistance.<\/p>\n
HearingCore
We would like to acknowledge an anonymous researcher for their
assistance.<\/p>\n
Managed Configuration
We would like to acknowledge \u9065\u9065\u9886\u5148 (@\u6674\u5929\u7ec4\u7ec7) for their assistance.<\/p>\n
Instructions on how to update your Apple Watch software are available
at https:\/\/support.apple.com\/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
“My Watch > General > About”. Alternatively, on your watch, select
“My Watch > General > About”.
All information is also posted on the Apple Security Releases
web site: https:\/\/support.apple.com\/HT201222.<\/p>\n
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https:\/\/www.apple.com\/support\/security\/pgp\/
—–BEGIN PGP SIGNATURE—–<\/p>\n
iQIzBAEBCAAdFiEEsz9altA7uTI+rE\/qX+5d1TXaIvoFAmZCtuoACgkQX+5d1TXa
IvoryhAA0MH7dQ2spvGCOs9o90Ha8QfUwkzV6S+x\/kjtb+4dVh+Myyyxcq3HfJP\/
71NRMcHvxM2nE7d23D9TSDdkKqEckR\/vpgRMR9oPPy+bLnqccu7Rx02dIyOcW0AD
sOI+puKn2oVSENiQte+Rs5RBBslrzG5G+Ezr2BVyk5jA4q8f2yD3vFlc+4K6u4Xf
xcM0rgqLTQ1Pe4CiJepLZlm5\/I4ub9jNHgYw37lrBg8ptBBOP722Mt+XeuHcE0tr
SCvoVCDePnbHPNzofgsSlv0bv6CpfvOYKgRouWzb3wf+a9Cg\/2fPN39nZtVt7V+l
WqSJjgGB71QgwtRpmr\/nWz3VKzSE9xdnu0H6BOrVAC9qYWn1Qz9S0bfTVhWJDCvk
XyGhpoHrsKOR\/PDjm8nCx7MzqeWxsG\/yaYHileud3a9tAx1g63kDrwaPjpG4sNg1
U5pvYLE942yOoImWyFkfcnf9UCGqwdYiNR8uFyfuPoBFhiCM85CjwD3tM2UG0H5Q
xxU1iYNIHPeDd4q5DEaFqtC3nNraY3JGoAO5im7vNFv4JcoiMb8ObNTLDkNduThd
q1uB74m37Pfqq\/PT2xtnACHfWpvUpu\/Gc0JcUuS+uMB1nUbvPQpNNJqx7WHwk3Q2
r8OvMZ1Vw+4APbZ7B5Jnj4pkxSAifC2HQ7FqytCGzRzGqHOrF60=
=+u2d
—–END PGP SIGNATURE—–<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA256 APPLE-SA-05-13-2024-7 watchOS 10.5 watchOS 10.5 addresses the following issues.Information about the security content is also available athttps:\/\/support.apple.com\/HT214104. Apple maintains a Security Releases page athttps:\/\/support.apple.com\/HT201222 which lists recentsoftware updates with security advisories. AppleAVDAvailable for: Apple Watch Series 4 and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56849","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56849"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56849\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}