SB2019012305 - Multiple vulnerabilities in Apple watchOS

Description

This security bulletin contains information about 17 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2019-6235)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to a boundary error in the AppleKeyStore component when handling malicious input. A remote attacker can trigger memory corruption to circumvent sandbox restrictions.

2) Out-of-bounds read (CVE-ID: CVE-2019-6202)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to out-of-bounds read in the Core Media component when handling malicious input. A local authenticated attacker can run a specially crafted application and gain elevated privileges.

3) Out-of-bounds read (CVE-ID: CVE-2019-6231)

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in the CoreAnimation component when handling malicious input. A local authenticated attacker can run a specially crafted application and access arbitrary data.

4) Memory corruption (CVE-ID: CVE-2019-6230)

The vulnerability allows a local authenticated attacker to bypass security restrictions.

The weakness exists due to a boundary error in the CoreAnimation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and circumvent sandbox restrictions.

5) Buffer overflow (CVE-ID: CVE-2019-6224)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the FaceTime component when handling malicious input. A remote attacker can initiate a FaceTime call, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Type confusion (CVE-ID: CVE-2019-6214)

The vulnerability allows a local authenticated attacker to bypass security restrictions.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger type confusion error and circumvent sandbox restrictions.

7) Privilege escalation (CVE-ID: CVE-2019-6210)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to an error in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Buffer overflow (CVE-ID: CVE-2019-6213)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger buffer overflow and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

9) Out-of-bounds read (CVE-ID: CVE-2019-6209)

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application and determine kernel memory layout.

10) Input validation error (CVE-ID: CVE-2019-6219)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to an error in the Natural Language Processing component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted message and cause the service to crash.

11) SQL injection (CVE-ID: CVE-2018-20506)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

12) SQL injection (CVE-ID: CVE-2018-20505)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

13) SQL injection (CVE-ID: CVE-2018-20346)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

14) Memory corruption (CVE-ID: CVE-2019-6227)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

15) Memory corruption (CVE-ID: CVE-2019-6226)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

16) Memory corruption (CVE-ID: CVE-2019-6216)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

17) Memory corruption (CVE-ID: CVE-2019-6217)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://support.apple.com/en-us/HT209448