Watchos Security Vulnerabilities and Issues — Page 29 of Watchos CVE List

Lucene search

AppleWatchos

1641 matches found

CVE•added 2017/05/22 5:29 a.m.•53 views

CVE-2017-6979

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privil...

7.6CVSS7.3AI score0.02343EPSS

CVE•added 2017/05/22 5:29 a.m.•53 views

CVE-2017-6987

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00242EPSS

CVE•added 2019/04/03 6:29 p.m.•53 views

CVE-2018-4460

A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

6.5CVSS6.1AI score0.00702EPSS

CVE•added 2020/10/27 8:15 p.m.•53 views

CVE-2019-8618

A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.

7.5CVSS6.8AI score0.00289EPSS

CVE•added 2022/11/01 8:15 p.m.•53 views

CVE-2022-32925

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory.

7.1CVSS6.8AI score0.00066EPSS

CVE•added 2024/07/29 9:15 p.m.•53 views

CVE-2023-40396

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00065EPSS

CVE•added 2024/06/10 9:15 p.m.•53 views

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen.

2.4CVSS5.5AI score0.00081EPSS

CVE•added 2024/09/17 12:15 a.m.•53 views

CVE-2024-44171

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

4.6CVSS5.7AI score0.00051EPSS

CVE•added 2025/04/29 3:15 a.m.•53 views

CVE-2025-24251

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

6.5CVSS7.8AI score0.00061EPSS

CVE•added 2015/09/18 10:59 a.m.•52 views

CVE-2015-5824

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

4.3CVSS4.9AI score0.00096EPSS

CVE•added 2015/09/18 10:59 a.m.•52 views

CVE-2015-5839

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.

5CVSS5.5AI score0.00555EPSS

CVE•added 2015/12/11 12:0 p.m.•52 views

CVE-2015-7112

The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2016/02/01 11:59 a.m.•52 views

CVE-2016-1717

The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7AI score0.00062EPSS

CVE•added 2016/05/20 10:59 a.m.•52 views

CVE-2016-1808

The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.6AI score0.006EPSS

CVE•added 2016/07/22 2:59 a.m.•52 views

CVE-2016-4637

CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.

8.8CVSS8.9AI score0.02898EPSS

CVE•added 2017/02/20 8:59 a.m.•52 views

CVE-2016-4680

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

5.5CVSS4.6AI score0.00247EPSS

CVE•added 2017/11/13 3:29 a.m.•52 views

CVE-2017-13799

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a...

9.3CVSS7.7AI score0.00173EPSS

CVE•added 2017/11/13 3:29 a.m.•52 views

CVE-2017-13852

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses pr...

4.3CVSS4AI score0.00228EPSS

CVE•added 2017/05/22 5:29 a.m.•52 views

CVE-2017-2502

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a c...

5.5CVSS5.4AI score0.00265EPSS

CVE•added 2017/05/22 5:29 a.m.•52 views

CVE-2017-2513

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrar...

9.8CVSS8.7AI score0.01982EPSS

CVE•added 2019/04/03 6:29 p.m.•52 views

CVE-2018-4303

An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

7.8CVSS6.8AI score0.00259EPSS

CVE•added 2019/04/03 6:29 p.m.•52 views

CVE-2018-4447

A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

9.3CVSS7.2AI score0.00185EPSS

CVE•added 2020/10/27 8:15 p.m.•52 views

CVE-2018-4474

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.

7.5CVSS7.1AI score0.00862EPSS

CVE•added 2019/12/18 6:15 p.m.•52 views

CVE-2019-8659

This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.

7.5CVSS7AI score0.00241EPSS

CVE•added 2022/11/01 8:15 p.m.•52 views

CVE-2022-32870

A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.

2.4CVSS3.9AI score0.00078EPSS

CVE•added 2023/09/06 2:15 a.m.•52 views

CVE-2023-32428

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.

7.8CVSS7.3AI score0.00912EPSS

CVE•added 2023/09/27 3:19 p.m.•52 views

CVE-2023-40520

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.

3.3CVSS2.8AI score0.0003EPSS

CVE•added 2024/07/29 9:15 p.m.•52 views

CVE-2023-42949

This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.

3.3CVSS5.5AI score0.0004EPSS

CVE•added 2024/06/10 9:15 p.m.•52 views

CVE-2024-27806

This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.

5.5CVSS5.5AI score0.00021EPSS

CVE•added 2024/07/29 11:15 p.m.•52 views

CVE-2024-40788

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected ...

6.2CVSS5.6AI score0.00048EPSS

CVE•added 2024/07/29 11:15 p.m.•52 views

CVE-2024-40805

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

7.7CVSS5.8AI score0.0003EPSS

CVE•added 2024/07/29 11:15 p.m.•52 views

CVE-2024-40824

This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

7.7CVSS5.9AI score0.00035EPSS

CVE•added 2024/12/12 2:15 a.m.•52 views

CVE-2024-44290

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.

3.3CVSS5.3AI score0.00017EPSS

CVE•added 2024/12/12 2:15 a.m.•52 views

CVE-2024-54501

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.

5.5CVSS5.7AI score0.00069EPSS

CVE•added 2024/12/12 2:15 a.m.•52 views

CVE-2024-54513

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.

5.7CVSS5.5AI score0.00022EPSS

CVE•added 2015/09/18 10:59 a.m.•51 views

CVE-2015-5841

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

5CVSS5.7AI score0.0062EPSS

CVE•added 2015/09/18 11:0 a.m.•51 views

CVE-2015-5858

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.

5CVSS5.7AI score0.00498EPSS

CVE•added 2015/10/23 9:59 p.m.•51 views

CVE-2015-5927

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.

6.8CVSS7.4AI score0.01866EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7059

The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061.

6.8CVSS9.1AI score0.01371EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7060

6.8CVSS9.1AI score0.01371EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7061

6.8CVSS9.1AI score0.01371EPSS

CVE•added 2016/02/01 11:59 a.m.•51 views

CVE-2016-1722

syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7AI score0.00062EPSS

CVE•added 2016/03/24 1:59 a.m.•51 views

CVE-2016-1748

IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3CVSS4.5AI score0.00257EPSS

CVE•added 2017/02/20 8:59 a.m.•51 views

CVE-2016-7588

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corrup...

8.8CVSS7.8AI score0.00885EPSS

CVE•added 2017/02/20 8:59 a.m.•51 views

CVE-2016-7613

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a cr...

9.3CVSS7.1AI score0.00157EPSS

CVE•added 2017/02/20 8:59 a.m.•51 views

CVE-2016-7615

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.

5.5CVSS4.9AI score0.00049EPSS

CVE•added 2017/02/20 8:59 a.m.•51 views

CVE-2016-7627

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via ...

6.5CVSS5.6AI score0.00498EPSS

CVE•added 2017/02/20 8:59 a.m.•51 views

CVE-2016-7658

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appl...

8.8CVSS7.8AI score0.00885EPSS

CVE•added 2018/04/03 6:29 a.m.•51 views

CVE-2018-4082

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or c...

9.3CVSS8.1AI score0.00187EPSS

CVE•added 2019/04/03 6:29 p.m.•51 views

CVE-2018-4305

An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

6.5CVSS6.8AI score0.00087EPSS

Total number of security vulnerabilities1641