Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 05-13-2024-7

Apple Security Advisory 05-13-2024-7 - watchOS 10.5 addresses bypass and code execution vulnerabilities.

Packet Storm
#vulnerability#web#apple#auth#webkit#ssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-05-13-2024-7 watchOS 10.5

watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214104.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

Maps
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University

RemoteViewServices
Available for: Apple Watch Series 4 and later
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

Shortcuts
Available for: Apple Watch Series 4 and later
Impact: A shortcut may output sensitive user data without consent
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)
of Kandji

WebKit
Available for: Apple Watch Series 4 and later
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro’s Zero
Day Initiative

Additional recognition

App Store
We would like to acknowledge an anonymous researcher for their
assistance.

CoreHAP
We would like to acknowledge Adrian Cable for their assistance.

HearingCore
We would like to acknowledge an anonymous researcher for their
assistance.

Managed Configuration
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.

Instructions on how to update your Apple Watch software are available
at https://support.apple.com/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtuoACgkQX+5d1TXa
IvoryhAA0MH7dQ2spvGCOs9o90Ha8QfUwkzV6S+x/kjtb+4dVh+Myyyxcq3HfJP/
71NRMcHvxM2nE7d23D9TSDdkKqEckR/vpgRMR9oPPy+bLnqccu7Rx02dIyOcW0AD
sOI+puKn2oVSENiQte+Rs5RBBslrzG5G+Ezr2BVyk5jA4q8f2yD3vFlc+4K6u4Xf
xcM0rgqLTQ1Pe4CiJepLZlm5/I4ub9jNHgYw37lrBg8ptBBOP722Mt+XeuHcE0tr
SCvoVCDePnbHPNzofgsSlv0bv6CpfvOYKgRouWzb3wf+a9Cg/2fPN39nZtVt7V+l
WqSJjgGB71QgwtRpmr/nWz3VKzSE9xdnu0H6BOrVAC9qYWn1Qz9S0bfTVhWJDCvk
XyGhpoHrsKOR/PDjm8nCx7MzqeWxsG/yaYHileud3a9tAx1g63kDrwaPjpG4sNg1
U5pvYLE942yOoImWyFkfcnf9UCGqwdYiNR8uFyfuPoBFhiCM85CjwD3tM2UG0H5Q
xxU1iYNIHPeDd4q5DEaFqtC3nNraY3JGoAO5im7vNFv4JcoiMb8ObNTLDkNduThd
q1uB74m37Pfqq/PT2xtnACHfWpvUpu/Gc0JcUuS+uMB1nUbvPQpNNJqx7WHwk3Q2
r8OvMZ1Vw+4APbZ7B5Jnj4pkxSAifC2HQ7FqytCGzRzGqHOrF60=
=+u2d
-----END PGP SIGNATURE-----

Related news

Apple Security Advisory 07-29-2024-9

Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6788-1

Ubuntu Security Notice 6788-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 5695-1

Debian Linux Security Advisory 5695-1 - Manfred Paul discovered that an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication in the WebKitGTK web engine.

Apple Security Advisory 05-13-2024-8

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-8

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-8

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-8

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-4

Apple Security Advisory 05-13-2024-4 - macOS Sonoma 14.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-2

Apple Security Advisory 05-13-2024-2 - iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-1

Apple Security Advisory 05-13-2024-1 - Safari 17.5 addresses a bypass vulnerability.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution