About the security content of watchOS 2.2

This document describes the security content of watchOS 2.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other security updates, see Apple security updates.

watchOS 2.2

• Disk Images

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

• FontParser

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

• HTTPProtocol

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: A remote attacker may be able to execute arbitrary code

  Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.

  CVE-ID

  CVE-2015-8659

• IOHIDFamily

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1719 : Ian Beer of Google Project Zero

• IOHIDFamily

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to determine kernel memory layout

  Description: A memory corruption issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1748 : Brandon Azad

• Kernel

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1720 : Ian Beer of Google Project Zero

  CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro

  CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team

  CVE-2016-1755 : Ian Beer of Google Project Zero

• Kernel

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A use after free issue was addressed through improved memory management.

  CVE-ID

  CVE-2016-1750 : CESG

• Kernel

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: Multiple integer overflows were addressed through improved input validation.

  CVE-ID

  CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

• Kernel

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to bypass code signing

  Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation.

  CVE-ID

  CVE-2016-1751 : Eric Monti of Square Mobile Security

• Kernel

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to cause a denial of service

  Description: A denial of service issue was addressed through improved validation.

  CVE-ID

  CVE-2016-1752 : CESG

• libxml2

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2015-1819

  CVE-2015-5312 : David Drysdale of Google

  CVE-2015-7499

  CVE-2015-7500 : Kostya Serebryany of Google

  CVE-2015-7942 : Kostya Serebryany of Google

  CVE-2015-8035 : gustavo.grieco

  CVE-2015-8242 : Hugh Davenport

  CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI)

  CVE-2016-1762

• libxslt

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution

  Description: A type confusion issue was addressed through improved memory handling.

  CVE-ID

  CVE-2015-7995 : puzzor

• Messages

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments

  Description: A cryptographic issue was addressed by rejecting duplicate messages on the client.

  CVE-ID

  CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

• Security

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

  Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.

  CVE-ID

  CVE-2016-1950 : Francis Gabriel of Quarkslab

• syslog

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A memory corruption issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

• TrueTypeScaler

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

  Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

  CVE-ID

  CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

• WebKit

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1723 : Apple

  CVE-2016-1724 : Apple

  CVE-2016-1725 : Apple

  CVE-2016-1726 : Apple

  CVE-2016-1727 : Apple

• Wi-Fi

  Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

  Impact: An attacker with a privileged network position may be able to execute arbitrary code

  Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.

  CVE-ID

  CVE-2016-0801 : an anonymous researcher

  CVE-2016-0802 : an anonymous researcher