Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Apple Fixes Security Bugs With First Update for Watch OS

Apple released on Tuesday its first update for Watch OS, the iOS-based operating system that runs on the Apple Watch.

Watch OS 1.0.1 patches a total of 13 vulnerabilities affecting components such as the kernel, Secure Transport, FontParser, the Foundation framework, IOHIDFamily, and IOAcceleratorFamily.

Apple released on Tuesday its first update for Watch OS, the iOS-based operating system that runs on the Apple Watch.

Watch OS 1.0.1 patches a total of 13 vulnerabilities affecting components such as the kernel, Secure Transport, FontParser, the Foundation framework, IOHIDFamily, and IOAcceleratorFamily.

The FontParser issue exists due to the way font files are processed. An attacker can exploit this vulnerability (CVE-2015-1093) to execute arbitrary code by getting a user to process a maliciously crafted font.

The Foundation framework in the first version of Watch OS is plagued by an XML External Entity (XXE) vulnerability caused by the way the NSXMLParser handles XML files (CVE-2015-1092). This allows an application using the NSXMLParser to disclose information, Apple said in its advisory.

The flaws affecting IOHIDFamily and IOAcceleratorFamily could allow malicious applications to determine kernel memory layout.

The following vulnerabilities have been identified in the kernel:

  • CVE-2015-1099: race condition in the setreuid system call could allow malicious apps to cause a denial-of-service (DoS) condition on the system;
  • CVE-2015-1103: ICMP redirects enabled by default allow a man-in-the-middle (MitM) attacker to redirect users’ traffic to arbitrary hosts;
  • CVE-2015-1105: state inconsistency issue in handling of TCP out-of-band data allows a remote attacker to cause a DoS condition;
  • CVE-2015-1117: setreuid and setregid system calls fail to drop privileges permanently, allowing malicious applications to escalate privileges using a compromised service that should run with limited permissions;
  • CVE-2015-1104: system treats some IPv6 packets from remote network interfaces as local packets, enabling remote attackers to bypass network filters;
  • CVE-2015-1102: inconsistency in the processing of TCP headers allows an MitM attacker to cause a DoS condition;
  • CVE-2015-1100: out-of-bounds memory access flaw in the kernel allows malicious apps to cause the system to crash or read kernel memory;
  • CVE-2015-1101: memory corruption vulnerability allows malicious applications to execute arbitrary code with system privileges.

The list of people and organizations credited for finding these vulnerabilities includes Marc Schoenefeld, Ikuya Fukumoto, Ilja van Sprundel of IOActive, Cererdlong of the Alibaba Mobile Security Team, Mark Mentovai of Google, Zimperium Mobile Security Labs, Kenton Varda of Sandstorm.io, Stephen Roettger of Google, Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab, Maxime Villard of m00nbsd, and lokihardt@ASRT.

Watch OS 1.0.1 also addresses the FREAK vulnerability, which allows an MitM attacker to access encrypted data by downgrading the connection.

In addition to addressing these security bugs, Apple has updated the certificate trust policy, which includes a list of trusted, untrusted but not blocked, and blocked certificates in Watch OS.

Advertisement. Scroll to continue reading.

The update is available for Apple Watch, Apple Watch Sport, and Apple Watch Edition.

Related: Address Bar Spoofing Bugs Found in Safari, Chrome for Android

Related: Apple Updates Safari to Patch Several Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.