APPLE-SA-2019-12-10-8 watchOS 6.1.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-8 watchOS 6.1.1 watchOS 6.1.1 is now available and addresses the following: CallKit Available for: Apple Watch Series 1 and later Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL CFNetwork Proxies Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team FaceTime Available for: Apple Watch Series 1 and later Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero IOUSBDeviceFamily Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect libexpat Available for: Apple Watch Series 1 and later Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang Security Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8844: William Bowling (@wcbowling) Additional recognition Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com) and Tom Snelling of Loughborough University for their assistance. Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFr0ACgkQBz4uGe3y 0M3ibQ/+Oe5QaqGIxkCPgm0CR+0Zd+tVtVICpqIIEhtBNQYRAkJlzVlkwLwtJVvu TUolgK4uRCX2lDCvFh0dI0ZeVtmV+8J/QgngIeFePujHHFFwsEKp8wVMNEqVtf3n hmp+yzv4Ess05PP5dIcNQHETJzzZMvxD8FFKIbGhqPwbNSWhvvfnD3RaUG9Lnpqc Fy1v2iXMUeY1zZWJcpin+PmdQUykQTA+yYKcNdZe5iyfZN7eB3NH9ETfRONSuMTj hX5B3Aw7Vz82Nbcgs4cldi5J/hKgztzJ1WUOaeBCQ8MUtq8Nw89hBmu/ofExlADl +OmgML4tkBX5+BlcH8e1bSixB6CvccbUdNO64SCim2xklv4LBfSaxAfnTphpY9Er 6WZ+UJPEaKyVFXnhy2awBoWpsPnSsZeQ8EavGOPMf2PihtnUpCBn0FeVjLrdJ+0h qHzzaSpA8+mhU0lmdPPv1OB8xrXXwHtBVXahUmLZCKWuFwGbGtYX4OvvExWTv44X w5hGYsr3evRKThEp8VN8xJCkaIOdLYP3XTE1B+ItN0V89EBkK++8rfBL433HgcUQ R51YvVFiOSHSDLbLHYBCSdTtxNV6rLZPD2KtyElTAiiNckKaKL2h45VE/0YvCRNB 7eAoX1SX111SbJgT8TEn5PhoEMldiS5oAmjleCrgMbj+s+APQV0= =aeqk -END PGP SIGNATURE-
APPLE-SA-2019-12-10-6 Safari 13.0.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-6 Safari 13.0.4 Safari 13.0.4 is now available and addresses the following: WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8835: Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team CVE-2019-8844: William Bowling (@wcbowling) WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8846: Marcin Towalski of Cisco Talos Installation note: Safari 13.0.4 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFpAACgkQBz4uGe3y 0M247Q/+Puog9fznddnmX6AZlC0w3fZp1LcCKASKbl3OKeZZMssSCiVxcbnIzcgL ftYqaOKsSPDHbuKi0myMYLt3gnkmtq1lGTtW85ytSLNeR+2W/+dzmtfMelqS+wwG kQh4V/R1oTFpU/p/oI3bH2kEJGqj+npwNML2zeW2UclcWdFNkWfO0hvEWj2eKFwT HyqmyRLZoGjX6qsZ0sPpwnVXXnsedUfHOdxRvjw8Wwp4DSRt1ockAs0Mh7nUy86X CVB/Adlmd9LPLqRPWG5dec/d6+yG/bGhD+uM92pNor6hvvZhhCisMFrGOwezxNGJ HNFbIOJpMLYoOGlydSIHzdJseEEyD0dQwtkHdsLkR3+Sc59uMXF/Ah13cW0n+9pw h6MNPo9e2K8w+Ocgd+0e6B0uknyKeRHzTQ7Y4TUIXYqV5GSNEMpQU9cxnNTJgk1t RZesiLWbttWzdg2dx8kGlljTJYp4wb3yN5idE1BfsXZz0DoHKa1VBPZpSUUvYpx+ kUMY5gfLPNgGCQtd4IzFzVnNcfh34j2tvBWbr8QSKygWjaN746r1zeibTp8XE43/ RLDvlF4IF6QRWZd2UbFLH2PSjNvc4EgPA1gRHmWvFVrK7eZznLD1EZbB1jI1TRPE hHCt7lmK8DdN9stVkt3pNQoT1Tukh2kIi+gnt6+Qh4Yyo5Jdo7A= =LKd0 -END PGP SIGNATURE-
APPLE-SA-2019-12-10-4 watchOS 5.3.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-4 watchOS 5.3.4 watchOS 5.3.4 is now available and addresses the following: FaceTime Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to a device with iOS 12 installed Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFsIACgkQBz4uGe3y 0M081g//diPPIlbOXb2t9E8BZQugpj2XJf36gvejgReUIbrPG30wxitkf+hruSfI tDZfrvFmyeudiKJ47PpkamQ8CfnppaPm6FCOr2D4kQgCMOy2Ac+hxTbKjHPDjzvi 0gY9WKTdwfZVtDuzT9utQY82oUMe7kKohCksbdKV4VByPeNfDO4o/Pnwcq/byrDb GXyBg/yiunWLxeqSqJEYGcrh0DYIhjFAaPH9EU757WBwsKYd6H+aF7AvMcVRuY/p Nm08DBZG5PU/ctZFDMWluIwaqsBj/t6DWtEwgvYrsJP9zVKiH47WpeH0rG9wHvM2 z7cY+h6cyNL7xmY2/lSyZIklOkAF3drZbB89kCb+ysfA92U0D1YyZMeC1ZNoEYYW awcZCBavTxj/NeF6g6CNiBmVK1h2C3nSNvV6zbsmgQ7nhZgYH24g9ZppAy6/HMhq UK7mspj43HjSo8LIc99wHGxXc5wuc25YGqVgbzd8Yw1kbmDzRdWWJ83G1H+cAuEx 59R48FD8hpmayFCDD5OWAnf1tJXYth+Rp57rs2mWgSDdFJ3vk8yd0JaSumiLu6/N Pwm7vg7tVe9Bmfp9ipFJ9xZz/EQ5eaZe6FlwmxocjxFCkBsXHnfMq9ecr4E4oyD2 PEqayT+ZWZXbmYKvWzOCX/5L7e5HwVLx8GxGvUwYUyLBX1JEqt0= =Wdm1 -END PGP SIGNATURE-
APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses the following: ATS Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8837: Csaba Fitzl (@theevilbit) Bluetooth Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab CallKit Available for: macOS Catalina 10.15 Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL CFNetwork Proxies Available for: macOS Catalina 10.15 Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team CUPS Available for: macOS Catalina 10.15 Impact: In certain configurations, a remote attacker may be able to submit arbitrary print jobs Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8842: Niky1235 of China Mobile CUPS Available for: macOS Catalina 10.15 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8839: Stephan Zeisberg of Security Research Labs FaceTime Available for: macOS Catalina 10.15 Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero Kernel Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect CVE-2019-8847: Apple CVE-2019-8852: pattern-f (@pattern_F_) of WaCai libexpat Available for: macOS Catalina 10.15 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang OpenLDAP Available for: macOS Catalina 10.15 Impact: Multiple issues in OpenLDAP Description: Multiple issues were addressed by updating to OpenLDAP version 2.4.28. CVE-2012-1164 CVE-2012-2668 CVE-2013-4449 CVE-2015-1545 CVE-2019-13057 CVE-2019-13565 Security Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech tcpdump Available for: macOS Catalina 10.15 Impact: Multiple issues in tcpdump Description: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1 CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 CVE-2019-15166 CVE-2019-15167 Additional recognition Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com) and Tom Snelling of Loughborough University for their assistance. Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Installation note: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and
APPLE-SA-2019-12-10-5 tvOS 13.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-5 tvOS 13.3 tvOS 13.3 is now available and addresses the following: CFNetwork Proxies Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team FaceTime Available for: Apple TV 4K and Apple TV HD Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero IOUSBDeviceFamily Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect libexpat Available for: Apple TV 4K and Apple TV HD Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang Security Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8835: Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team CVE-2019-8844: William Bowling (@wcbowling) WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8846: Marcin Towalski of Cisco Talos Additional recognition Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFqwACgkQBz4uGe3y 0M3XDA/+KcTZ8q9kf6Ww2MsArDdEhxgu+rYanDm3hK/2ivxj0rQ9uMFMFb7Lfr6G gHfZX9m740noDWVz4nGHtAyC925jB/z/ge6kaWklrUZX6JRl46DC9p+EwU4syyPL mFOtzTO7Otz+MVXJnt9zUJwpF7TeE210fC2rWGVENf0F+R+Q7ETRdRYCP/DqVO0S 11Yg0ZcWwDXt9NjukhT9s/KDFgGP2HbCmb7f1q8vGUAoYa3uQ/Zg8UNicnM8cIMV 1vmwWmOmpKuiA2eJjSTmPahx2Isa3h3bDYFJU63MY0H5a1X37UuUUS/zg1rdOXnR YwBPCnYOl3hUDRLL0BCabdvHBnckwOMkBpxVRReSsdkp7HzspSXZAZoCFYm9K4Fn DLbwX7m2KeugfX0kOIhtZBamnz76vUQ5jDF0wGLdVRd1YETgSGT9iOswDt4ju6e/ b3tqV/MbcHERdDQDS31FS0XP+nPBcEpFop8Oyeqh33K9PTFvE5WtiJX2hXS9WVL9 MgIQbBDPB59DULP1zOw4t7uzeeHH9IVZT7LgOVWQsLDJjGeRXSjMmUJZ8rPyxUVq oyOcOsCBXv2Wxe8BVCNe4hlZzOPxhJe8fKvfpx4jUYvf2ztZw73Z2K+oPIh8Y43W KbbooNJa9YH7hzAFNoF8XaADGFa+5YsGtsEeT2kt8slB+KafBeg= =SMHV -END PGP SIGNATURE-
APPLE-SA-2019-12-10-7 Xcode 11.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-7 Xcode 11.3 Xcode 11.3 is now available and addresses the following: ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling with untrusted sources may lead to arbitrary code execution with user privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8840: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team Additional recognition Clang We would like to acknowledge an anonymous researcher for their assistance. Installation note: Xcode 11.3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "11.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFqcACgkQBz4uGe3y 0M2QRhAAi+otnehn1Qn41XlY91N6g9yKuywbUcUmxx0bSBZGTJFril2DN+hw2F9M x/Se49QfHQcs66t1B9mxjK9uaGnMhqpwDfCJtYU9OfkEsUdbdjVu23NgvrH+RmIK xgM/aCSnxK8Ex0Z26pUxdIBLOgIXumiOFiY8g8PwKub1d8FcNb3g0qcMY+bFo1Uh HaGie7hwErket4if96vTWYBJVtes+Ed82uSuid1j9mz5pe97BYvcnIxOGAv81UOx cxgsB+vJY4JNwNIkzYJ9Hf2BXUPHGWDhg/OzTo8soHTsz35F6HCeXZwr9PywDoWS YMtOOHKUaBguQdfkPcCMIs0BgzxMmUnw0+6HowHpUWminGWbLSfvs6mgs/0zCxOl QYW/QZqg8Rwx1j99MMV5ckYEe2aE02wxY6Z68ua6CTZH8Ohs2bd72cXbDNNmj4HC pkGWhqyO3XvxpRU5L/1q3TZqRPG6x9222Vq4yOFR7dHyt3yDEXKYwvSp7N5hP8pr A1AqhbpbStWUWj24Ea+rDsx4bH1hwhtDV7C5TZHkLxJq7KRq3NIjpkjXZS43YTpZ wq40H2ND6UeubvBWjxJ2Ag0qpmX5mub6tiuXWOcRrMwwMFXtLetywuUWS7BLDB9J cHD5BIEPfRU7kmwtEVfizM2IiGjU3GuSfr58wtgKt/Xehepz18g= =Hv0S -END PGP SIGNATURE-
APPLE-SA-2019-12-10-2 iOS 12.4.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-2 iOS 12.4.4 iOS 12.4.4 is now available and addresses the following: FaceTime Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.4.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFrIACgkQBz4uGe3y 0M3ZuQ/7BPG5bMftxUOYVwzfawLWLlBBk73qlIDsBg8Ololtho2SDb3s4pJdXW9F JQoEXIJQ/H4fqScRZMkT/vlqJOQasesjBtC89i3heg8jRgGcGZjW1UnvRrWS+wPZ OxFClyfpOepUn8llUhjLSh3tS7cru+h/6jEnJf9taTMtww27XrqSg5Y/I1Rl60zx FTTyi7cxHiyBOdxY3/O4yS9BFTfakDexpESYldeqRiJrxqoU+vg2VfsFiL+Bvbfw O0dIymTSphjJWVh35l8faBkclK74rP+iWIqkijczl/vI02LYL4FR8ROGStu4NXHY mBRsMts3MTD57AyFfZalGiW6DEl51BkkI9C0exB0XBXb8lHrY/7v4ac+O57JHSU0 Vbu78d2qVfFweZH574NUGCZs+6FFzXLcvy8LAQqrJlaMy+J1vWQXZ8EJtDMPgKCy JMzTG4BIfuxsoRCnpWDeskiQxEeMpaJHMl/6jLemSETk84+b8gMDp7E8rC0JFl6j 1cT4MwCtE4nA8h3bbJiNX71Hurj9vyj+kCzOEq4bDpOX0b5brhhcD0SVfLilF7Xk Yzyr0UYQEYmYluFPDs8BYzT9Lb0iSIGOUgtKvbtyodvtSdh+4h2vIGMwE/X2Z80B /7+lhOO9HQJMYXzfxFdIXx523oihZdbM0qAOEjJ4vnvfwXRcnCE= =tNvb -END PGP SIGNATURE-