About the security content of watchOS 3.2

This document describes the security content of watchOS 3.2.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

Apple security documents reference vulnerabilities by CVE-ID when possible.

watchOS 3.2

Audio

Available for: All Apple Watch models

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2430: an anonymous researcher working with Trend Micro’s Zero Day Initiative

CVE-2017-2462: an anonymous researcher working with Trend Micro’s Zero Day Initiative

Carbon

Available for: All Apple Watch models

Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution

Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.

CVE-2017-2379: riusksk (泉哥) of Tencent Security Platform Department, John Villamil, Doyensec

CoreGraphics

Available for: All Apple Watch models

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An infinite recursion was addressed through improved state management.

CVE-2017-2417: riusksk (泉哥) of Tencent Security Platform Department

CoreGraphics

Available for: All Apple Watch models

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2444: Mei Wang of 360 GearTeam

CoreText

Available for: All Apple Watch models

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2435: John Villamil, Doyensec

CoreText

Available for: All Apple Watch models

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed through improved input validation.

CVE-2017-2450: John Villamil, Doyensec

CoreText

Available for: All Apple Watch models

Impact: Processing a maliciously crafted text message may lead to application denial of service

Description: A resource exhaustion issue was addressed through improved input validation.

CVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI

FontParser

Available for: All Apple Watch models

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2487: riusksk (泉哥) of Tencent Security Platform Department

CVE-2017-2406: riusksk (泉哥) of Tencent Security Platform Department

FontParser

Available for: All Apple Watch models

Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2407: riusksk (泉哥) of Tencent Security Platform Department

FontParser

Available for: All Apple Watch models

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed through improved input validation.

CVE-2017-2439: John Villamil, Doyensec

HTTPProtocol

Available for: All Apple Watch models

Impact: A malicious HTTP/2 server may be able to cause undefined behavior

Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.

CVE-2017-2428

ImageIO

Available for: All Apple Watch models

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2416: Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent

ImageIO

Available for: All Apple Watch models

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative

ImageIO

Available for: All Apple Watch models

Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2467

ImageIO

Available for: All Apple Watch models

Impact: Processing a maliciously crafted image may lead to unexpected application termination

Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.

CVE-2016-3619

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2017-2440: an anonymous researcher

Kernel

Available for: All Apple Watch models

Impact: A malicious application may be able to execute arbitrary code with root privileges

Description: A race condition was addressed through improved memory handling.

CVE-2017-2456: lokihardt of Google Project Zero

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2472: Ian Beer of Google Project Zero

Kernel

Available for: All Apple Watch models

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2473: Ian Beer of Google Project Zero

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An off-by-one issue was addressed through improved bounds checking.

CVE-2017-2474: Ian Beer of Google Project Zero

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed through improved locking.

CVE-2017-2478: Ian Beer of Google Project Zero

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2482: Ian Beer of Google Project Zero

CVE-2017-2483: Ian Beer of Google Project Zero

Kernel

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with elevated privileges

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)

Keyboards

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code

Description: A buffer overflow was addressed through improved bounds checking.

CVE-2017-2458: Shashank (@cyberboyIndia)

libarchive

Available for: All Apple Watch models

Impact: A local attacker may be able to change file system permissions on arbitrary directories

Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.

CVE-2017-2390: Omer Medan of enSilo Ltd

libc++abi

Available for: All Apple Watch models

Impact: Demangling a malicious C++ application may lead to arbitrary code execution

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2441

libxslt

Available for: All Apple Watch models

Impact: Multiple vulnerabilities in libxslt

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-5029: Holger Fuhrmannek

Security

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with root privileges

Description: A buffer overflow was addressed through improved bounds checking.

CVE-2017-2451: Alex Radocea of Longterm Security, Inc.

Security

Available for: All Apple Watch models

Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution

Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.

CVE-2017-2485: Aleksandar Nikolic of Cisco Talos

WebKit

Available for: All Apple Watch models

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed through improved memory handling.

CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)

WebKit

Available for: All Apple Watch models

Impact: Processing maliciously crafted web content may lead to high memory consumption

Description: An uncontrolled resource consumption issue was addressed through improved regex processing.

CVE-2016-9643: Gustavo Grieco

WebKit

Available for: All Apple Watch models

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2471: Ivan Fratric of Google Project Zero

Additional recognition

XNU

We would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.