About the security content of watchOS 2.2.2

This document describes the security content of watchOS 2.2.2.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

Apple security documents reference vulnerabilities by CVE-ID when possible.

watchOS 2.2.2

CoreGraphics

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A remote attacker may be able to execute arbitrary code

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)

ImageIO

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A remote attacker may be able to cause a denial of service

Description: A memory consumption issue was addressed through improved memory handling.

CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A remote attacker may be able to execute arbitrary code

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)

ImageIO

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-7705: Craig Young of Tripwire VERT

IOAcceleratorFamily

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: A null pointer dereference was addressed through improved validation.

CVE-2016-4627 : Ju Zhu of Trend Micro

IOAcceleratorFamily

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2016-4628 : Ju Zhu of Trend Micro

IOHIDFamily

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: A null pointer dereference was addressed through improved input validation.

CVE-2016-4626 : Stefan Esser of SektionEins

IOHIDFamily

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative

Kernel

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1863 : Ian Beer of Google Project Zero

CVE-2016-4653 : Ju Zhu of Trend Micro

CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A local user may be able to cause a system denial of service

Description: A null pointer dereference was addressed through improved input validation.

CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

Libc

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.

CVE-2016-6559 : Apple

libxml2

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: Multiple vulnerabilities in libxml2

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2015-8317 : Hanno Boeck

CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-4448 : Apple

CVE-2016-4483 : Gustavo Grieco

CVE-2016-4614 : Nick Wellnhofer

CVE-2016-4615 : Nick Wellnhofer

CVE-2016-4616 : Michael Paddon

libxml2

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.

CVE-2016-4449 : Kostya Serebryany

libxslt

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: Multiple vulnerabilities in libxslt

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1683 : Nicolas Grégoire

CVE-2016-1684 : Nicolas Grégoire

CVE-2016-4607 : Nick Wellnhofer

CVE-2016-4608 : Nicolas Grégoire

CVE-2016-4609 : Nick Wellnhofer

CVE-2016-4610 : Nick Wellnhofer

Sandbox Profiles

Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes

Impact: A local application may be able to access the process list

Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.

CVE-2016-4594 : Stefan Esser of SektionEins