-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-12-10-8 watchOS 6.1.1 watchOS 6.1.1 is now available and addresses the following: CallKit Available for: Apple Watch Series 1 and later Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL CFNetwork Proxies Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team FaceTime Available for: Apple Watch Series 1 and later Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero IOUSBDeviceFamily Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect libexpat Available for: Apple Watch Series 1 and later Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang Security Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8844: William Bowling (@wcbowling) Additional recognition Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com) and Tom Snelling of Loughborough University for their assistance. Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFr0ACgkQBz4uGe3y 0M3ibQ/+Oe5QaqGIxkCPgm0CR+0Zd+tVtVICpqIIEhtBNQYRAkJlzVlkwLwtJVvu TUolgK4uRCX2lDCvFh0dI0ZeVtmV+8J/QgngIeFePujHHFFwsEKp8wVMNEqVtf3n hmp+yzv4Ess05PP5dIcNQHETJzzZMvxD8FFKIbGhqPwbNSWhvvfnD3RaUG9Lnpqc Fy1v2iXMUeY1zZWJcpin+PmdQUykQTA+yYKcNdZe5iyfZN7eB3NH9ETfRONSuMTj hX5B3Aw7Vz82Nbcgs4cldi5J/hKgztzJ1WUOaeBCQ8MUtq8Nw89hBmu/ofExlADl +OmgML4tkBX5+BlcH8e1bSixB6CvccbUdNO64SCim2xklv4LBfSaxAfnTphpY9Er 6WZ+UJPEaKyVFXnhy2awBoWpsPnSsZeQ8EavGOPMf2PihtnUpCBn0FeVjLrdJ+0h qHzzaSpA8+mhU0lmdPPv1OB8xrXXwHtBVXahUmLZCKWuFwGbGtYX4OvvExWTv44X w5hGYsr3evRKThEp8VN8xJCkaIOdLYP3XTE1B+ItN0V89EBkK++8rfBL433HgcUQ R51YvVFiOSHSDLbLHYBCSdTtxNV6rLZPD2KtyElTAiiNckKaKL2h45VE/0YvCRNB 7eAoX1SX111SbJgT8TEn5PhoEMldiS5oAmjleCrgMbj+s+APQV0= =aeqk -----END PGP SIGNATURE-----