About the security content of watchOS 6.2.5

This document describes the security content of watchOS 6.2.5.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss or confirm security issues until an investigation has taken place and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

watchOS 6.2.5

Released 18 May 2020

Accounts

Available for: Apple Watch Series 1 and later

Impact: A remote attacker may be able to cause a denial of service

Description: A denial-of-service issue was addressed with improved input validation.

CVE-2020-9827: Jannik Lorenz of SEEMOO at TU Darmstadt

AppleMobileFileIntegrity

Available for: Apple Watch Series 1 and later

Impact: A malicious application could interact with system processes to access private information and perform privileged actions

Description: An entitlement parsing issue was addressed with improved parsing.

CVE-2020-9842: Linus Henze (pinauten.de)

Audio

Available for: Apple Watch Series 1 and later

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

Audio

Available for: Apple Watch Series 1 and later

Impact: processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

CoreText

Available for: Apple Watch Series 1 and later

Impact: processing a maliciously crafted text message may lead to application denial of service

Description: A validation issue was addressed with improved input sanitisation.

CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

FontParser

Available for: Apple Watch Series 1 and later

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative

ImageIO

Available for: Apple Watch Series 1 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3878: Samuel Groß of Google Project Zero

ImageIO

Available for: Apple Watch Series 1 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9789: Wenchao Li of VARAS@IIE

CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

Kernel

Available for: Apple Watch Series 1 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab

Kernel

Available for: Apple Watch Series 1 and later

Impact: A malicious application may be able to determine another application's memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2020-9797: an anonymous researcher

Kernel

Available for: Apple Watch Series 1 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: an integer overflow was addressed through improved input validation.

CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab

Kernel

Available for: Apple Watch Series 1 and later

Impact: an application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel

Available for: Apple Watch Series 1 and later

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab

Kernel

Available for: Apple Watch Series 1 and later

Impact: a local user may be able to read kernel memory

Description: an information disclosure issue was addressed with improved state management.

CVE-2020-9811: Tielei Wang of Pangu Lab

CVE-2020-9812: derrek (@derrekr6)

Kernel

Available for: Apple Watch Series 1 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: a logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2020-9813: Xinru Chi of Pangu Lab

CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab

Kernel

Available for: Apple Watch Series 1 and later

Impact: a malicious application may be able to determine kernel memory layout

Description: an information disclosure issue was addressed with improved state management.

CVE-2020-9809: Benjamin Randazzo (@____benjamin)

libxpc

Available for: Apple Watch Series 1 and later

Impact: a malicious application may be able to overwrite arbitrary files

Description: A path handling issue was addressed with improved validation.

CVE-2020-9994: Apple

Entry added 21 September 2020

Mail

Available for: Apple Watch Series 1 and later

Impact: Processing a maliciously crafted email message may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2020-9819: ZecOps.com

Mail

Available for: Apple Watch Series 1 and later

Impact: Processing a maliciously crafted email message may lead to unexpected memory modification or application termination

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9818: ZecOps.com

rsync

Available for: Apple Watch Series 1 and later

Impact: A remote attacker may be able to overwrite existing files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2014-9512: gaojianfeng

Entry added 28 July 2020

SQLite

Available for: Apple Watch Series 1 and later

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9794

System Preferences

Available for: Apple Watch Series 1 and later

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-9839: @jinmo123, @setuid0x0_ and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

WebKit

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit

Available for: Apple Watch Series 1 and later

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0_ and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to a cross-site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: a memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

WebKit

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

WebRTC

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An access issue was addressed with improved memory management.

CVE-2019-20503: natashenka of Google Project Zero

Additional recognition

CoreText

We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.

ImageIO

We would like to acknowledge Lei Sun for their assistance.

IOHIDFamily

We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Safari

We would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.

WebKit

We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: