Apple Watchos11.1 vulnerabilities

CVE-2024-44285 [HIGH] CVE-2024-44285: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44285 Component: IOSurface Impact: An app may be able to cause unexpected system termination or corrupt kernel memory Description: A use-after-free issue was addressed with improved memory management.

CVE-2024-44255 [HIGH] CVE-2024-44255: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44255 Component: App Support Impact: A malicious app may be able to run arbitrary shortcuts without user consent Description: A path handling issue was addressed with improved logic.

CVE-2024-54538 [HIGH] CVE-2024-54538: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-54538 Component: Security Impact: A remote attacker may be able to cause a denial-of-service Description: A denial-of-service issue was addressed with improved input validation.

CVE-2024-44232 [MEDIUM] CVE-2024-44232: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44232 Component: AppleAVD Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved bounds checks.

CVE-2024-54535 [MEDIUM] CVE-2024-54535: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-54535 Component: Calendar Impact: An attacker with access to calendar data could also read reminders Description: A path handling issue was addressed with improved logic.

CVE-2024-44296 [MEDIUM] CVE-2024-44296: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44296 Component: WebKit Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: The issue was addressed with improved checks.

CVE-2024-44215 [MEDIUM] CVE-2024-44215: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44215 Component: ImageIO Impact: Processing an image may result in disclosure of process memory Description: This issue was addressed with improved checks.

CVE-2024-44274 [MEDIUM] CVE-2024-44274: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44274 Component: Accessibility Impact: An attacker with physical access to a locked device may be able to view sensitive user information Description: The issue was addressed with improved authentication.

CVE-2024-44244 [MEDIUM] CVE-2024-44244: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44244 Component: WebKit Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A memory corruption issue was addressed with improved input validation.

CVE-2024-44254 [MEDIUM] CVE-2024-44254: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44254 Component: Shortcuts Impact: An app may be able to access sensitive user data Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-44240 [MEDIUM] CVE-2024-44240: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44240 Component: CoreText Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: The issue was addressed with improved checks.

CVE-2024-44269 [MEDIUM] CVE-2024-44269: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44269 Component: Shortcuts Impact: A malicious app may use shortcuts to access restricted files Description: A logic issue was addressed with improved checks.

CVE-2024-44234 [MEDIUM] CVE-2024-44234: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44234 Component: AppleAVD Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved bounds checks.

CVE-2024-44212 [MEDIUM] CVE-2024-44212: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44212 Component: WebKit Impact: Cookies belonging to one origin may be sent to another origin Description: A cookie management issue was addressed with improved state management.

CVE-2024-44282 [MEDIUM] CVE-2024-44282: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44282 Component: Foundation Impact: Parsing a file may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved input validation.

CVE-2024-44273 [MEDIUM] CVE-2024-44273: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44273 Component: CoreMedia Playback Impact: A malicious app may be able to access private information Description: This issue was addressed with improved handling of symlinks.

CVE-2024-44302 [MEDIUM] CVE-2024-44302: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44302 Component: CoreText Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: The issue was addressed with improved checks.

CVE-2024-44297 [MEDIUM] CVE-2024-44297: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44297 Component: ImageIO Impact: Processing a maliciously crafted message may lead to a denial-of-service Description: The issue was addressed with improved bounds checks.

CVE-2024-44278 [MEDIUM] CVE-2024-44278: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44278 Component: Siri Impact: A sandboxed app may be able to access sensitive user data in system logs Description: An information disclosure issue was addressed with improved private data redaction for log entries.

CVE-2024-44194 [MEDIUM] CVE-2024-44194: watchOS11.1 Apple Security Update: About the security content of watchOS11.1 Product: watchOS11.1 CVE: CVE-2024-44194 Component: Siri Impact: An app may be able to access sensitive user data Description: This issue was addressed with improved redaction of sensitive information.