Multiple vulnerabilities in Apple watchOS



Risk High
Patch available YES
Number of vulnerabilities 17
CVE-ID CVE-2020-3917
CVE-2020-3911
CVE-2020-3897
CVE-2020-3901
CVE-2020-3900
CVE-2020-3895
CVE-2020-3910
CVE-2020-3909
CVE-2020-3883
CVE-2020-9785
CVE-2020-3914
CVE-2020-3919
CVE-2020-9768
CVE-2020-3916
CVE-2020-9773
CVE-2020-3913
CVE-2020-3891
CWE-ID CWE-264
CWE-119
CWE-843
CWE-125
CWE-416
CWE-284
CWE-200
CWE-840
Exploitation vector Network
Public exploit Public exploit code for vulnerability #13 is available.
Vulnerable software
watchOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU26433

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3917

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to a security restriction bypass. A remote attacker can trick a victim to install a malicious application, cause the application to be able to use an SSH client provided by private frameworks and gain access to sensitive information on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3 External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU26444

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3911

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type Confusion

EUVDB-ID: #VU26422

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3897

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the object transition cache. A remote attacker can trick a victim to visit a malicisou page or open a specially crafted file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type Confusion

EUVDB-ID: #VU26424

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3901

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation





Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU26427

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3900

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU26426

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3895

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://support.apple.com/en-il/HT211103
http://seclists.org/fulldisclosure/2020/Mar/33


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU26445

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3910

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU26443

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3909

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU26435

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3883

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper permission checks in AppleMobileFileIntegrity. A remote attacker can trick a victim to install a malicious application and cause the application to be able to use arbitrary entitlements.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU26442

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9785

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU26441

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3914

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can use a specially crafted application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU26440

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3919

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU26439

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-9768

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can use a specially crafted application and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Improper access control

EUVDB-ID: #VU26438

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3916

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can set an alternate app icon and disclose a photo without needing permission to access photos.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information disclosure

EUVDB-ID: #VU26437

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9773

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper handling of icon caches. A remote attacker can trick a victim to install a malicious application and identify what other applications a user has installed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU26436

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3913

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper permissions check. A remote attacker can trick a victim to install a malicious application and use the application and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Business Logic Errors

EUVDB-ID: #VU26446

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3891

CWE-ID: CWE-840 - Business Logic Errors (3.0)

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to logical errors. A an attacker with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 6.0 - 6.1.3

CPE2.3
External links

http://seclists.org/fulldisclosure/2020/Mar/33
http://support.apple.com/en-il/HT211103


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###