Apple watchOS vulnerabilities

CVE-2025-24117 [MEDIUM] CWE-922 CVE-2025-24117: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

CVE-2025-24161 [MEDIUM] CWE-754 CVE-2025-24161: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54497 [MEDIUM] CWE-770 CVE-2024-54497: The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.

CVE-2025-24124 [MEDIUM] CVE-2025-24124: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2025-24113 [MEDIUM] CVE-2025-24113: The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.

CVE-2025-24160 [MEDIUM] CWE-404 CVE-2025-24160: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54518 [MEDIUM] CWE-125 CVE-2024-54518: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVE-2025-24086 [MEDIUM] CWE-770 CVE-2025-24086: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.

CVE-2025-24158 [MEDIUM] CWE-79 CVE-2025-24158: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.

CVE-2025-24162 [MEDIUM] CWE-125 CVE-2025-24162: This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-54478 [MEDIUM] CWE-125 CVE-2024-54478: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-54523 [MEDIUM] CWE-787 CVE-2024-54523: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVE-2025-24131 [MEDIUM] CWE-120 CVE-2025-24131: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.

CVE-2025-24163 [MEDIUM] CVE-2025-24163: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 1 The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sequoia 15.4, macOS Sonoma 14.7.3, tvOS 18.3, tvOS 18.4, visionOS 2.3, visionOS 2.4, watchOS 11.3, watchOS 11.4. Parsing a file may lead to an unexpected app termination.

CVE-2025-24149 [MEDIUM] CWE-125 CVE-2025-24149: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to disclosure of user information.

CVE-2025-24123 [MEDIUM] CVE-2025-24123: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54541 [MEDIUM] CWE-922 CVE-2024-54541: This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.

CVE-2024-40771 [HIGH] CWE-863 CVE-2024-40771: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

CVE-2024-27856 [HIGH] CWE-94 CVE-2024-27856: The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPa The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2024-54535 [MEDIUM] CWE-22 CVE-2024-54535: A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.