Apple watchOS vulnerabilities

CVE-2022-46712 [HIGH] CVE-2022-46712: watchOS 9.1 Apple Security Update: About the security content of watchOS 9.1 Product: watchOS Version: 9.1 CVE: CVE-2022-46712 Component: Kernel Impact: An app may be able to cause unexpected system termination or potentially execute code with kernel privileges Description: A use after free issue was addressed with improved memory management.

CVE-2022-32847 [CRITICAL] CWE-119 CVE-2022-32847: This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macO This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2022-32845 [CRITICAL] CWE-693 CVE-2022-32845: This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPad This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.

CVE-2022-22637 [HIGH] CWE-346 CVE-2022-22637: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

CVE-2020-36521 [HIGH] CWE-125 CVE-2020-36521: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud fo An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

CVE-2022-32819 [HIGH] CWE-269 CVE-2022-32819: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

CVE-2022-32787 [HIGH] CWE-787 CVE-2022-32787: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22610 [HIGH] CWE-787 CVE-2022-22610: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.

CVE-2022-26700 [HIGH] CWE-787 CVE-2022-26700: A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.

CVE-2022-22629 [HIGH] CWE-787 CVE-2022-22629: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32790 [HIGH] CWE-400 CVE-2022-32790: This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15 This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.

CVE-2022-32826 [HIGH] CWE-269 CVE-2022-32826: An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

CVE-2022-32820 [HIGH] CWE-787 CVE-2022-32820: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32815 [HIGH] CWE-787 CVE-2022-32815: The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

CVE-2022-32821 [HIGH] CWE-787 CVE-2022-32821: A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7 A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-22628 [HIGH] CWE-416 CVE-2022-22628: A use after free issue was addressed with improved memory management. This issue is fixed in macOS M A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32814 [HIGH] CWE-843 CVE-2022-32814: A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8. A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32792 [HIGH] CWE-787 CVE-2022-32792: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32817 [MEDIUM] CWE-125 CVE-2022-32817: An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watc An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

CVE-2022-32816 [MEDIUM] CWE-451 CVE-2022-32816: The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iO The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.