-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-3-27-1 watchOS 5.2

watchOS 5.2 is now available and addresses the following:

CFString
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)

Contacts
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher

CoreCrypto
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

file
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher

Foundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google
Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel
Groß of Google Project Zero

GeoServices
Available for: Apple Watch Series 1 and later
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher

iAP
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG

Messages
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang

Passcode
Available for: Apple Watch Series 1 and later
Impact: A partially entered passcode may not clear when the device
goes to sleep
Description: An issue existed where partially entered passcodes may
not clear when the device went to sleep.  This issue was addressed by
clearing the passcode when a locked device sleeps.
CVE-2019-8548: Tobias Sachs

Power Management
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed with improved validation.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)

Privacy
Available for: Apple Watch Series 1 and later
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
This issue was addressed with improved motion sensor processing.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited

Siri
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests. This issue was addressed with improved validation.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin CarabaÈ™ of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest

TrueTypeScaler
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

Additional recognition

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7cpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GugRAA
tKuWyrX6EQy9jaNducv7s/nxmsgrUl5zrnNCCO2WKnNIHT8v+iRWFHZi+w1lTRW4
2rUTCVibxMSJLazyhPoU4Ngaor6MoABfzVJvSAMD1EeP2kAmk1Qg4vEAzuhlGcpF
zbq6OWxlGGU5YQHak2bhUEeaS1/EgSfdT7xVr+Iczh6f/6vDKluKc3yRKQODU8ZP
wA4S25wH5hXVjOeiit/6ZMj8NgBf0V8qbms4kWSoen+dFzoc2HhP9SJrViO57y+b
D1AHEJgPQIP/RB7jjskK6aOPQ3v3FaXSRnBn+Cyig9Ost+rVkOeARp72rCobyNBR
uCtUeEX09oyErlmVyR3Zg0mBSMkvPqK1CvBfWBb5SrZ05i6/OuYCCYnaStdRzcmM
e/7GI30HYjDbVtLhxCJO66pvtGpJluzmVkotg2IKefMC7zoruSEZilCBRdcS9pAZ
v0D9ioTw4cZ2RXpeCNNK4hjpSygWJdgdz7SlO2KuTHwuVWXXRiETJwG0IB8B8GJj
yHPZYu8HKkEA1dPBeOdbGuj9H/XbyCO4bWkPSAWQIW0IUsCwNmUp11oLGWb8pcFO
ypLKrlLr/JkDJpL5aVryYZSlzqwi1mBo8r22wjEtKLlFrCln3gecNcny4ykURluo
Pbnmdta0YH4vutI0PA/m+xA/Y4eMzRRRUlCNqZZHAGI=
=zRUq
-----END PGP SIGNATURE-----