From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 21 Sep 2023 11:34:42 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-09-21-4 watchOS 10.0.1
watchOS 10.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213928.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Kernel
Available for: Apple Watch Series 4 and later
Impact: A local attacker may be able to elevate their privileges. Apple
is aware of a report that this issue may have been actively exploited
against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group
Security
Available for: Apple Watch Series 4 and later
Impact: A malicious app may be able to bypass signature
validation. Apple is aware of a report that this issue may have been
actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+QACgkQX+5d1TXa
Ivrolg//eCfa6uj7rYz+BwmO2KTNLG+gAn+NZ9hnFb/txI8aoIwYc5rxDM8ektDP
itxupK30fcz3cG3fdWazD8YQ16Q7nN9KgU1alLELMZCgBI9K9osMGHzwzCepF1bJ
gaIt6e/DT6nEruNbtR9DOvZYFK0bBaM+Iar6GZ9NgSP8KwXZjRgCUBtaYuKEu2z4
K3xic4l0iKbV6T+Wb2hoinsRYjD5vf85q/6qcufRzUdBzpCyy6jEmMZs0CKnCef7
joEtz1tCVOydrydWXDNrmVXm5BLjBp4Fo3+i5O+zXXJvOaFdvHsbZ9IXmdMR2Zrz
YY7XxCawuRopfTAsNmnl8dYGGA2u9hSNmxienTCReYfF2gY6QG9tUpnS6TYkv1+3
HT/W5or4HLlVQvG4M+6ZOLIL/RlCBlnJBP7L78FYQW/0650FU6Xq3UoeQIx5LBf2
xtz4Dk/Dd/hF0dpGgRtg/Qw1ZqMZbwSgM4Z9yNOT1BnDWKgPyyl4Cg8D50ua4jyH
eGXUOQhM8hUoaIYjyNe2HM44tW3zZue/eXdu2xLL0LqwBWu4nEZBoyXHJLZHCtYq
W3KFBpcK3xgXujoknsu+X4Lq/oKH9SdPVmExkIZ/3Ga+8W2pYS3vIhRglt/Cuiis
xezTX8F3NjxIIztlBwlIgIGcdhb3pFRm7YqMwXykxOIpevPAyRM=
=zsee
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-2023-09-21-4 watchOS 10.0.1 Apple Product Security via Fulldisclosure (Sep 22)