Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs
1,895
CISA KEV
51
actively exploited
Public exploits
123
Exploited in wild
40
Severity breakdown
CRITICAL140HIGH970MEDIUM715LOW68UNKNOWN2
Vulnerabilities
Page 30 of 95
CVE-2023-27933MEDIUMCVSS 6.7fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-27933 [MEDIUM] CWE-787 CVE-2023-27933: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.
nvdapple
CVE-2023-28178MEDIUMCVSS 5.5≥ unspecified, < 9.42023-05-08
CVE-2023-28178 [MEDIUM] CVE-2023-28178: A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences.
nvdapple
CVE-2023-27956MEDIUMCVSS 5.5fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-27956 [MEDIUM] CWE-120 CVE-2023-27956: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.
nvdapple
CVE-2023-27929MEDIUMCVSS 5.5fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-27929 [MEDIUM] CWE-125 CVE-2023-27929: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.
nvdapple
CVE-2023-27954MEDIUMCVSS 6.5fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-27954 [MEDIUM] CWE-863 CVE-2023-27954: The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, S
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.
nvdapple
CVE-2023-23535MEDIUMCVSS 5.5fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-23535 [MEDIUM] CWE-120 CVE-2023-23535: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.
nvdapple
CVE-2023-23527MEDIUMCVSS 5.5fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-23527 [MEDIUM] CVE-2023-23527: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 an
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A user may gain access to protected parts of the file system.
nvdapple
CVE-2023-27931MEDIUMCVSS 5.5fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-27931 [MEDIUM] CWE-203 CVE-2023-27931: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3,
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.
nvdapple
CVE-2023-27928LOWCVSS 3.3fixed in 9.4≥ unspecified, < 9.42023-05-08
CVE-2023-27928 [LOW] CVE-2023-27928: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.
nvdapple
CVE-2023-23543LOWCVSS 3.6≥ unspecified, < 9.42023-05-08
CVE-2023-23543 [LOW] CVE-2023-23543: The issue was addressed with additional restrictions on the observability of app states. This issue
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is currently using the camera.
nvdapple
CVE-2023-28195LOWCVSS 3.3v9.42023-03-27
CVE-2023-28195 [LOW] CVE-2023-28195: watchOS 9.4
Apple Security Update: About the security content of watchOS 9.4
Product: watchOS
Version: 9.4
CVE: CVE-2023-28195
Component: Find My
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
apple
CVE-2023-23524HIGHCVSS 7.5fixed in 9.3.1≥ unspecified, < 9.32023-02-27
CVE-2023-23524 [HIGH] CWE-400 CVE-2023-23524: A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS
A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.
nvdapple
CVE-2023-23518HIGHCVSS 8.8fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23518 [HIGH] CWE-787 CVE-2023-23518: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2023-23504HIGHCVSS 7.8fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23504 [HIGH] CWE-787 CVE-2023-23504: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges.
nvdapple
CVE-2023-23519HIGHCVSS 7.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23519 [HIGH] CWE-787 CVE-2023-23519: A memory corruption issue was addressed with improved state management. This issue is fixed in watch
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service.
nvdapple
CVE-2023-23496HIGHCVSS 8.8fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23496 [HIGH] CWE-94 CVE-2023-23496: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2023-23517HIGHCVSS 8.8fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23517 [HIGH] CWE-119 CVE-2023-23517: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2023-23502MEDIUMCVSS 5.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23502 [MEDIUM] CWE-125 CVE-2023-23502: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout.
nvdapple
CVE-2023-23512MEDIUMCVSS 6.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23512 [MEDIUM] CVE-2023-23512: The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 1
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.
nvdapple
CVE-2023-23520MEDIUMCVSS 5.9≥ unspecified, < 9.32023-02-27
CVE-2023-23520 [MEDIUM] CWE-367 CVE-2023-23520: A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
nvdapple