Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs
1,895
CISA KEV
51
actively exploited
Public exploits
123
Exploited in wild
40
Severity breakdown
CRITICAL140HIGH970MEDIUM715LOW68UNKNOWN2
Vulnerabilities
Page 31 of 95
CVE-2023-23500MEDIUMCVSS 5.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23500 [MEDIUM] CWE-200 CVE-2023-23500: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iO
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to leak sensitive kernel state.
nvdapple
CVE-2022-46705MEDIUMCVSS 4.3fixed in 9.22023-02-27
CVE-2022-46705 [MEDIUM] CVE-2022-46705: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input valid
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
nvdapple
CVE-2022-32824MEDIUMCVSS 5.5fixed in 8.7≥ unspecified, < 8.7+1 more2023-02-27
CVE-2022-32824 [MEDIUM] CWE-200 CVE-2022-32824: The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7
The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
nvdapple
CVE-2023-23511MEDIUMCVSS 5.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23511 [MEDIUM] CWE-200 CVE-2023-23511: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.
nvdapple
CVE-2023-23503MEDIUMCVSS 5.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23503 [MEDIUM] CWE-288 CVE-2023-23503: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.
nvdapple
CVE-2023-23499MEDIUMCVSS 5.5fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23499 [MEDIUM] CWE-200 CVE-2023-23499: This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3,
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.
nvdapple
CVE-2022-32891MEDIUMCVSS 6.1fixed in 9.0≥ unspecified, < 9+1 more2023-02-27
CVE-2022-32891 [MEDIUM] CWE-1021 CVE-2022-32891: The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchO
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.
nvd
CVE-2022-32844MEDIUMCVSS 6.3fixed in 8.7≥ unspecified, < 8.7+1 more2023-02-27
CVE-2022-32844 [MEDIUM] CWE-362 CVE-2022-32844: A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watch
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication.
nvdapple
CVE-2023-23505LOWCVSS 3.3fixed in 9.3≥ unspecified, < 9.32023-02-27
CVE-2023-23505 [LOW] CWE-532 CVE-2023-23505: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.
nvdapple
CVE-2022-0108MEDIUMCVSS 6.5v9.32023-01-23
CVE-2022-0108 [MEDIUM] CVE-2022-0108: watchOS 9.3
Apple Security Update: About the security content of watchOS 9.3
Product: watchOS
Version: 9.3
CVE: CVE-2022-0108
Component: WebKit
Impact: An HTML document may be able to render iframes with sensitive user information
Description: This issue was addressed with improved iframe sandbox enforcement.
apple
CVE-2022-42837CRITICALCVSS 9.8fixed in 9.2≥ unspecified, < 9.22022-12-15
CVE-2022-42837 [CRITICAL] CWE-20 CVE-2022-42837: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. Th
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.
nvdapple
CVE-2022-42842CRITICALCVSS 9.8fixed in 9.2≥ unspecified, < 9.22022-12-15
CVE-2022-42842 [CRITICAL] CWE-787 CVE-2022-42842: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.
nvdapple
CVE-2022-42867HIGHCVSS 8.8fixed in 9.2≥ unspecified, < 9.2+1 more2022-12-15
CVE-2022-42867 [HIGH] CWE-416 CVE-2022-42867: A use after free issue was addressed with improved memory management. This issue is fixed in Safari
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2022-46689HIGHCVSS 7.0PoCfixed in 9.2≥ unspecified, < 9.22022-12-15
CVE-2022-46689 [HIGH] CWE-362 CVE-2022-46689: A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS M
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
nvdapple
CVE-2022-42845HIGHCVSS 7.2fixed in 9.2≥ unspecified, < 9.22022-12-15
CVE-2022-42845 [HIGH] CWE-787 CVE-2022-42845: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.
nvdapple
CVE-2022-42863HIGHCVSS 8.8fixed in 9.2≥ unspecified, < 9.2+1 more2022-12-15
CVE-2022-42863 [HIGH] CWE-787 CVE-2022-42863: A memory corruption issue was addressed with improved state management. This issue is fixed in Safar
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2022-46696HIGHCVSS 8.8fixed in 9.2≥ unspecified, < 9.2+1 more2022-12-15
CVE-2022-46696 [HIGH] CWE-787 CVE-2022-46696: A memory corruption issue was addressed with improved input validation. This issue is fixed in Safar
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2022-46699HIGHCVSS 8.8fixed in 9.2≥ unspecified, < 9.2+1 more2022-12-15
CVE-2022-46699 [HIGH] CWE-787 CVE-2022-46699: A memory corruption issue was addressed with improved state management. This issue is fixed in Safar
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2022-46690HIGHCVSS 7.8fixed in 9.2≥ unspecified, < 9.22022-12-15
CVE-2022-46690 [HIGH] CWE-787 CVE-2022-46690: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
nvdapple
CVE-2022-46694HIGHCVSS 7.8fixed in 9.2≥ unspecified, < 9.22022-12-15
CVE-2022-46694 [HIGH] CWE-787 CVE-2022-46694: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.
nvdapple