Apple watchOS vulnerabilities

1,895 known vulnerabilities affecting apple/watchos.

Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2

Vulnerabilities

Page 23 of 95
CVE-2023-28185 | MEDIUM | CVSS 5.5 | fixed in 9.4 | ≥ unspecified, < 9.4 | 2024-01-10
CVE-2023-28185 [MEDIUM] CWE-190: An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.
Sources: nvd, apple
CVE-2022-48618 | HIGH | CVSS 7.0 | KEV | fixed in 9.2 | ≥ unspecified, < 9.2 | 2024-01-09
CVE-2022-48618 [HIGH] CWE-367: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7
Sources: nvd, apple
CVE-2023-42890 | HIGH | CVSS 8.8 | fixed in 10.2 | ≥ unspecified, < 10.2 | 2023-12-12
CVE-2023-42890 [HIGH] CWE-94: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.
Sources: nvd, apple
CVE-2023-42899 | HIGH | CVSS 7.8 | fixed in 10.2 | ≥ unspecified, < 10.2 | 2023-12-12
CVE-2023-42899 [HIGH]: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.
Sources: nvd, apple
CVE-2023-42919 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 10.2 | 2023-12-12
CVE-2023-42919 [MEDIUM]: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data.
Sources: nvd, apple
CVE-2023-42898 | MEDIUM | CVSS 5.5 | fixed in 10.2 | ≥ unspecified, < 10.2 | 2023-12-12
CVE-2023-42898 [MEDIUM]: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.
Sources: nvd, apple
CVE-2023-42914 | MEDIUM | CVSS 6.3 | fixed in 10.2 | ≥ unspecified, < 10.2 | 2023-12-12
CVE-2023-42914 [MEDIUM]: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.
Sources: nvd, apple
CVE-2023-42883 | MEDIUM | CVSS 5.5 | fixed in 10.2 | ≥ unspecified, < 10.2 | 2023-12-12
CVE-2023-42883 [MEDIUM]: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
Sources: nvd, apple
CVE-2023-42917 | HIGH | CVSS 8.8 | KEV | v10.2 | 2023-12-11
CVE-2023-42917 [HIGH]: watchOS 10.2 Apple Security Update: About the security content of watchOS 10.2
Product: watchOS
Version: 10.2
CVE: CVE-2023-42917
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.
Sources: apple
CVE-2023-40389 | MEDIUM | CVSS 5.5 | v10.2 | 2023-12-11
CVE-2023-40389 [MEDIUM]: watchOS 10.2 Apple Security Update: About the security content of watchOS 10.2
Product: watchOS
Version: 10.2
CVE: CVE-2023-40389
Component: Transparency
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved restriction of data container access.
Sources: apple
CVE-2023-42916 | MEDIUM | CVSS 6.5 | KEV | v10.2 | 2023-12-11
CVE-2023-42916 [MEDIUM]: watchOS 10.2 Apple Security Update: About the security content of watchOS 10.2
Product: watchOS
Version: 10.2
CVE: CVE-2023-42916
Component: WebKit
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.
Sources: apple
CVE-2023-42852 | HIGH | CVSS 8.8 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-42852 [HIGH]: A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Sources: nvd, apple
CVE-2023-41976 | HIGH | CVSS 8.8 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-41976 [HIGH] CWE-416: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Sources: nvd, apple
CVE-2023-40447 | HIGH | CVSS 8.8 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-40447 [HIGH] CWE-119: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Sources: nvd, apple
CVE-2023-41997 | MEDIUM | CVSS 4.6 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-41997 [MEDIUM]: This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
Sources: nvd, apple
CVE-2023-42846 | MEDIUM | CVSS 5.3 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-42846 [MEDIUM] CWE-200: This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.
Sources: nvd, apple
CVE-2023-41254 | MEDIUM | CVSS 5.5 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-41254 [MEDIUM] CWE-532: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
Sources: nvd, apple
CVE-2023-40413 | MEDIUM | CVSS 5.5 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-40413 [MEDIUM]: The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
Sources: nvd, apple
CVE-2023-40408 | MEDIUM | CVSS 5.3 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-40408 [MEDIUM] CWE-400: An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.
Sources: nvd, apple
CVE-2023-41988 | MEDIUM | CVSS 6.8 | fixed in 10.1 | ≥ unspecified, < 10.1 | 2023-10-25
CVE-2023-41988 [MEDIUM] CWE-200: This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
Sources: nvd, apple