Multiple vulnerabilities in Apple watchOS 7.x



Published: 2020-11-06
Risk Critical
Patch available YES
Number of vulnerabilities 18
CVE-ID CVE-2020-27910
CVE-2020-27950
CVE-2020-27918
CVE-2020-10010
CVE-2020-27911
CVE-2020-27917
CVE-2020-27932
CVE-2020-10016
CVE-2020-9974
CVE-2020-27905
CVE-2020-27916
CVE-2020-27912
CVE-2020-10002
CVE-2020-27927
CVE-2020-27930
CVE-2020-10003
CVE-2020-27909
CVE-2020-10017
CWE-ID CWE-125
CWE-416
CWE-426
CWE-190
CWE-843
CWE-119
CWE-254
CWE-787
CWE-264
CWE-61
Exploitation vector Network
Public exploit Vulnerability #2 is being exploited in the wild.
Vulnerability #7 is being exploited in the wild.
Vulnerability #15 is being exploited in the wild.
Vulnerable software
Subscribe
watchOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU48176

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27910

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Audio subsystem when processing media files. A remote attacker can create a specially crafted media file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU48173

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-27950

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to gain access to sensitive kernel information on the system.

Note, this vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Use-after-free

EUVDB-ID: #VU48190

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27918

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted search path

EUVDB-ID: #VU48189

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10010

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper path handling of libraries within the Logging subsystem. A local user can execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU48188

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27911

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing XML data in libxml2. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU48187

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27917

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing untrusted input XML input in libxml2. A remote attacker can pass specially crafted data to the library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Type Confusion

EUVDB-ID: #VU48172

Risk: Medium

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-27932

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in macOS kernel. A local user can run a specially crafted application to trigger a type confusion error and execute arbitrary code with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

8) Buffer overflow

EUVDB-ID: #VU48186

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10016

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can run a specially crafted application, trigger memory corruption and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security features bypass

EUVDB-ID: #VU48185

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9974

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists within the OS kernel that allows a local user to run a specially crafted program and determine kernel memory layout. This vulnerability can be used to bypass implemented security restrictions and leverage exploitation of other vulnerabilities.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

EUVDB-ID: #VU48184

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27905

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IOAcceleratorFamily subsystem. A malicious local application can execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

EUVDB-ID: #VU48177

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27916

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the Audio subsystem when processing media files. A remote attacker can create a specially crafted media file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

EUVDB-ID: #VU48183

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27912

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing images within the ImageIO subsystem. A remote attacker can create a specially crafted image, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU48182

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic issue within the Foundation subsystem. A local user can read otherwise restricted files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU48181

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27927

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing fonts within the FontParser subsystem. A remote attacker can create a specially crafted document with a malicious font inside, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory corruption

EUVDB-ID: #VU48171

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-27930

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing fonts within the FontParser component. A remote attacker can create a specially crafted document or web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

16) UNIX symbolic link following

EUVDB-ID: #VU48180

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10003

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the Crash Reporter subsystem. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU48179

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27909

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreAudio subsystem when processing MP4 media files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU48178

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10017

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the CoreAudio subsystem when processing media files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

watchOS: 7.0 18R382 - 7.0.3 18R410

External links

http://support.apple.com/en-us/HT211928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###