SECURITYVULNS:DOC:32564
Oct 25, 2015 - 12:00 a.m.

APPLE-SA-2015-10-21-2 watchOS 2.0.1

watchOS 2.0.1 is now available and addresses the following:

Apple Pay
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment
Description: The transaction log functionality was enabled in
certain configurations. This issue was addressed by removing the
transaction log functionality. This update additionally addresses the
issue for Apple Watches manufactured with watchOS 2.
CVE-ID
CVE-2015-5916

Bom
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Unpacking a maliciously crafted archive may lead to
arbitrary code execution
Description: A file traversal vulnerability existed in the handling
of CPIO archives. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2015-7006 : Mark Dowd at Azimuth Security

configd
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to elevate privileges
Description: A heap based buffer overflow issue existed in the DNS
client library. A local user with the ability to spoof responses from
the local configd service may have been able to cause arbitrary code
execution in DNS clients.
CVE-ID
CVE-2015-7015 : PanguTeam

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in CoreGraphics. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5925 : Apple
CVE-2015-5926 : Apple

FontParser
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Viewing a document with a maliciously crafted font may lead
to arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-5927 : Apple
CVE-2015-5942

Grand Central Dispatch
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
dispatch calls. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6989 : Apple

ImageIO
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Viewing a maliciously crafted image file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
parsing of image metadata. These issues were addressed through
improved metadata validation.
CVE-ID
CVE-2015-5935 : Apple
CVE-2015-5936 : Apple
CVE-2015-5937 : Apple
CVE-2015-5939 : Apple

IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6996 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/